By Ionut Ilascu on October 3rd, 2014
Malware authors have officially updated CryptoWall: version 2.0 has been spotted in the wild, using the Tor anonymity network to establish a connection with the command and control server.
Although security researchers observed samples of the crypto-malware using Tor a while back, those samples still carried the 1.0 mark. The Tor component was not built into the crypto-malware, but was downloaded as an encrypted binary from compromised websites.
Modified version 1.0 of the threat could have been a test build
Recently, a sample was caught that uses the ransom message to explicitly inform the owner of a compromised computer that their data has been locked with CryptoWall 2.0; Tor communication is used in this one, too.
[Image: Ransom message refers to CryptoWall 2.0]