Skip to content
Malware family

CryptoWall

CryptoWall is a ransomware family referenced in the provided content as one of the major cryptomalware strains active during the mid-2010s.

Profile source: Mallory opens in a new tab

CryptoWall

Family profile

CryptoWall is a ransomware family referenced in the provided content as one of the major cryptomalware strains active during the mid-2010s. It is described as a copycat family in relation to CryptoLocker, but also as a major ransomware threat in its own right and part of the global surge in cryptomalware observed from mid-2014 onward. The content associates CryptoWall with file-encrypting ransomware activity and notes that, like CryptoLocker, it used unique Tor hidden service Bitcoin payment domains. CryptoWall is cited alongside other prominent ransomware families including CryptoDefense, Locky, Cerber, TeslaCrypt, CTB-Locker, GandCrab, and Magniber.

The content links CryptoWall to exploit-kit-driven delivery, specifically stating that Magnitude Exploit Kit has been known to drop CryptoWall, along with Locky, Cerber, Magniber, and GandCrab. It is also referenced in broader reporting on ransomware botnet/controller activity and malware trends. No specific threat actor is directly attributed as the developer or operator of CryptoWall in the provided material, but the malware is mentioned in contexts involving large-scale ransomware distribution ecosystems.

High-confidence behavioral details in the content are limited, but CryptoWall is consistently characterized as ransomware/cryptomalware that encrypts victim data and demands Bitcoin payment via Tor-based infrastructure. No specific industries, platforms, hashes, domains, wallet addresses, or other unique indicators of compromise are provided for CryptoWall itself in the supplied content.

C2 tracking

Seven-day C2 activity

Derp observations, rolling seven-day window

Observed infrastructure

Last seven days

First activity
Jul 19, 2026
Last activity
Jul 19, 2026
Feed role
C2
Host form
1 IP / 0 hostnames

Leading locations

  • LU1

Leading providers

  • Ghosty Networks LLC1

Infrastructure traits

  • Hosting 1

Samples

Recent associated samples

Exploited software

Vulnerabilities linked to CryptoWall

1 CVEs

MITRE ATT&CK

CryptoWall in ATT&CK

6 distinct techniques

Reporting

Research mentioning CryptoWall

Apr 14
Confiant

Internet Explorer CVE-2019-1367 In the wild Exploitation - prelude

Magnitude EK has been there since 2013, and known to drop very known ransomware families including: Locky, Cerber, Magniber, CryptoWall, GranCrab..

Jan 13
Cyber Security News

10 Types of Most Dangerous Malware Attack in 2026

"...ransomware... classified, including Cerber, CTB-Locker, TeslaCrypt, and CryptoWall."

Jan 17
Spamhaus

Botnet C&C | Spamhaus Botnet Summary 2016 | Annual Report

Rank C&Cs Malware Notes 4 305 CryptoWall Ransomware

Jul 11
Talos Intelligence

When Paying Out Doesn't Pay Off

"...lacks functionality which is associated with other ransomware such as Cryptowall."

Jun 9
Proofpoint Threat Insight

It's Quiet...Too Quiet: Necurs Botnet Outage Crimps Dridex and Locky Distribution

https://www.proofpoint.com/us/threat-insight/post/While-Dridex-Is-Away-Cryptowall-And-Vawtrak-Play

Feb 17
Proofpoint Threat Insight

Locky Ransomware Virus Delivered by Actor Behind Dridex | Proofpoint US

As both endpoint and network protection measures become increasingly capable of handling the ransomware that made headlines in the last couple of years (CryptoLocker, CryptoWall, etc.)...

Aug 18
The Register

Ransomware blueprints published on GitHub in the name of education

The malware is not nearly as slick as Cryptowall or Cryptolocker which sport unique Tor hidden service Bitcoin payment domains and have become a scourge of the internet in recent years.

Sep 26
Broadcom Community

Endpoint Protection - Symantec Enterprise

Since the middle of 2014, Symantec has observed a major global surge in the occurrence of many different cryptomalware families such as Cryptolocker, Cryptodefense, and Cryptowall.

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.