How to Block Cryptowall 3


This content has been updated since the original publication. You can find all of our updated protection techniques in our Ransomware Prevention Kit.

Our friends at Calyptix Security have written several blog posts on the topic of file encrypting menaces, several of which reference our free Cryptolocker Prevention Kit. Now it’s our turn to share their knowledge. Read the blog post at Calyptix Security

Block – CryptoWall traffic is associated with IP Block this IP range by adding it to your static blacklist.

Patch – Always maintain the latest versions of your firmware, antivirus, operating systems, and other systems. Routinely update as new patches become available.

Educate – Explain to users the dangers and warning signs of phishing emails and suspicious attachments.

Backup – Maintain backups of all important files both onsite and offsite. Test them often. Ensure they are configured to prevent backup of infected files. (Added by Third Tier: make sure that your backup storage location is not writable by anyone other than the account running the backup.)

Plan – Assume disaster is inevitable. Plan how you will respond.

Configure – Adjust security settings to prevent forced downloads.

Control – Use web filtering to control the sites users can access. Use egress or outbound traffic filtering to prevent connections to malicious hosts.
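
One way to check the Backup advice above (storage writable only by the account running the backup), as an added PowerShell example that is not from the original post or from Calyptix. The path and account name are placeholder assumptions; replace them with your own.

```powershell
# Added example: list principals that can modify a backup folder.
# Defaults below are placeholders (assumptions), not values from the post.
param(
    [string]$BackupPath = 'D:\Backups',           # hypothetical backup target
    [string[]]$Allowed  = @('CONTOSO\svc-backup') # hypothetical backup account
)

# Rights that allow changing, replacing or deleting backup files, or
# rewriting the ACL / taking ownership to gain those rights later.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE and GENERIC_ALL can appear unmapped on inherit-only entries.
$genericMask = 0x40000000 -bor 0x10000000

$acl = Get-Acl -LiteralPath $BackupPath

$findings = @(foreach ($rule in $acl.Access) {
    # Deny entries do not grant anything.
    if ($rule.AccessControlType -ne 'Allow') { continue }
    # Skip entries that grant read-only access.
    $rights = [int]$rule.FileSystemRights
    if (($rights -band ($writeMask -bor $genericMask)) -eq 0) { continue }
    # Skip the account(s) expected to write backups.
    $who = $rule.IdentityReference.Value
    if ($Allowed -contains $who) { continue }
    [pscustomobject]@{
        Identity  = $who
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
})

# The owner can always rewrite the ACL, so report an unexpected owner too.
if ($Allowed -notcontains $acl.Owner) {
    $findings += [pscustomobject]@{
        Identity  = $acl.Owner
        Rights    = 'Owner (can rewrite the ACL)'
        Inherited = $false
    }
}

if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) unexpected writer(s) on $BackupPath"
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "Only the allowed account(s) can modify $BackupPath"
```

The script reads only the NTFS ACL on the folder itself; it does not expand group membership, check share permissions, or walk child items with broken inheritance. SYSTEM and Administrators are reported unless you pass them in `-Allowed`, so you decide explicitly whether they should keep write access.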

Read our other blog posts on blocking encrypting malware



3 thoughts on “How to Block Cryptowall

  • Richard Young

    The ransom site was last seen at http:/
    which has an IP address of

    This site was recently used to pay a ransom to unlock files. I don’t know how this correlates to your IP range of but I have confirmed this IP address on 1/20/2015. This IP is needed to pay the ransom.