CryptoWall 4.0, the newest ransomware to date, is being spread by the Angler Exploit Kit. A new drive-by download campaign is to blame for this attack.
Heimdal was the first to discover the malware, nearly one month ago. This version is stealthier than previous ones and a lot stronger. This time the message is different and more filenames have been added to the list. Users also have to fork out $700 for the decryption key, which is a hefty price to pay.
First, the Pony Information Stealer scours the victim's computer for usernames and passwords. It then sends that information back to the command-and-control server. The victim is then redirected to a different page, which drops the Angler Exploit Kit. The exploit kit finds vulnerabilities in the system and injects the malware into it.
In the first 24 hours alone, Heimdal found over 200 domains. The domains originated in a hosting environment in Ukraine. The campaign has thus far hit computers in Denmark pretty hard, where 100 sites were injected with the infamous malware. At the moment, security experts say it is best not to pay the ransom, as the infection will return. It is important to have daily backups along with a good security program, and to keep Windows Updates turned on.