Ransom 2016 style
Hated Cryptowall 4.0 Now Infects Workstations with Powerful Exploit Kit
by Stu Sjouwerman for KnowBe4
Earlier than expected – but similar to Cryptowall 3.0 – a few weeks after its release, the hated Cryptowall 4.0 ransomware is now being delivered via the Nuclear Exploit Kit (NEK), according to security researchers at the SANS Internet Storm Center (ISC). Initially, Cryptowall 4.0 was distributed only via malicious spam and phishing emails, but it now also infects machines via a popular and powerful exploit kit.
The current total Cryptowall damage count of 325 million dollars will soon be 400 million. SANS security researcher Brad Duncan wrote in a blog post published Tuesday that a cyber criminal working off domains belonging to Chinese registrar BizCN has been spreading Cryptowall 4.0 ransomware using the NEK.
Duncan said the cyber gang, which he dubbed the “BizCN gate actor”, began distributing the ransomware in payloads from the exploit kit as early as November 20. Duncan published a full technical analysis on the SANS ISC website that shows how the Nuclear Exploit Kit infects a vulnerable Windows host. More at SANS:
Preventing ransomware infections gets hard with these exploit kits unless you provide effective security awareness training to users, minimize the attack surface on your workstations, patch known vulnerabilities almost immediately, and have a rock-solid backup strategy in place for when (not if) these measures fail.