New CryptoWall Versions
Then of course, there's CryptoWall, the big daddy. 2015 kicked off with a new variant of CryptoWall 2.0 that was full of new tricks. It used TOR on command-and-control traffic and could execute 64-bit code from its 32-bit dropper.
When CryptoWall 3.0 arrived on the scene, it was more streamlined and then spread mostly through exploit kits. CryptoWall 3.0 made $325 million in extortion payments in just the first 10 months, according to reports.
Then this fall, Cryptowall 4.0 appeared, using a very different style of ransom note. It was less of a classic "give me all your money" stick-up, and more like a combination of a welcome and threat from a particularly vicious homeowner's association -- urging community members to buy a $700 "software package" to decrypt their files...then urging more strongly.