A guide on all we know about CryptoWall can be found here:
CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ
Towards the end of April the developers of CryptoDefense released a new Ransomware variant titled CryptoWall. This variant is for the most part the same as CryptoDefense other than the name change and different filenames for the ransom instructions. It is speculated that the developers either released a new version because CryptoDefense was too well known by AV vendors or that they sold the code base to another malware developer. Unfortunately, just like the latest versions of CryptoDefense it is impossible to decrypt files that are encrypted by CryptoWall.
When CryptoWall is installed it will scan your computer for data files and encrypt them. It will then create files containing ransom instructions in every folder that it had encrypted a file. These ransom notes are DECRYPT_INSTRUCTION.HTML, DECRYPT_INSTRUCTION.TXT, and the DECRYPT_INSTRUCTION URL shortcut to the decryption service. Each of these files contains instructions on how you can access the CryptoWall Decrypt Service, which is located at hxxps://kpai7ycr7jxqkilp.torexplorer.com/ URL, and pay the ransom. The ransom is currently set to 500 USD and is payable with Bitcoins. The amount of Btcoins required will change based on their current price.
If you require more information regarding this infection you can ask in our dedicated CryptoWall support topic. This topic contains all information currently available and compiled from victims, malware researchers, and IT consultants. Unfortunately, the support that can be given is quite limited as there is no way to decrypt the files, but we are here to try and help in any way we can.