CryptoWall, CryptoLocker and Locky are all variants of the same type of infection known as ransomware. Ransomware is designed to do just what it says, to hold your digital assets for ransom. It might come in the form of an email or some download you initialize from the Internet or if you’re extremely unlucky, it just shows up without you doing anything at all – yes, this can and does happen! When executed, ransomware begins searching your system for high value targets (i.e. Word, Excel, pictures, line of business data files, mapped drivers) and in the background, the damage begins. Once the malware has accomplished the first two tasks it has set out to complete, now comes the fun part – asking for money.
If you’re like most people, you’re running some kind of antivirus (AV) on your system whether you realize it or not. If you’re running antivirus and have been getting a nagging message to upgrade/update your service but have been ignoring it…well, all I can say is that there really is no one to blame here but yourself. But what happens when your antivirus service IS running and IS up-to-date and you still get hit with ransomware? That’s the real question: why is my antivirus not working?
The Truth About Antivirus
Antiviruses rely heavily on detecting what is called a signature. One of the main issues with antivirus services today is that they can only block the virus signatures they know. Everything beyond what they know is automatically assumed to be good, which means that if an unknown anything comes their way, it is automatically overlooked. Today, modern viruses use advanced techniques like polymorphism and metamorphism. With them, viruses are able to change themselves on the fly or by actually modifying the code itself within the virus to continuously change. With both of these techniques, the signature is changing constantly and thus rendering the antivirus signature-based approach useless.