
This article is more than 1 year old

Bad romance: Ransomware, exploit kits in criminal cuddle

Leave the exploiting to the exploit kits, we'll focus on the fleecing

The lowlifes behind the Cryptowall ransomware seem to have decided it's no longer worth developing their own exploit kits. Instead, according to analysis by Cisco, they're relying on other popular exploits to distribute the malware.

Cryptowall was considered one of the most effective ransomware offerings: it encrypted a victim's data and offered a decryption key only after a ransom, often topping thousands of dollars, was paid.

Cryptowall asked victims for US$500 worth of Bitcoins for their data to be released.

Cisco researchers say the writers of CryptoWall 3.0 have jettisoned the need to include their own exploits, with so many popular kits out there.

"The lack of any exploits in the dropper seems to indicate that the malware authors are focusing more on using exploit kits as an attack vector, since the exploit kit's functionality could be used to gain privilege escalation on the system," the TALOS team said in an advisory.

"Breaking any step in the attack chain will successfully prevent this attack.

"Therefore, blocking the initial phishing emails, blocking network connections to known malicious content, as well as stopping malicious process activity are critical to combating ransomware and preventing it from holding your data hostage."

The Cryptowall writers dumped some of the features introduced in version two and have added functionality including use of I2P, the sister network to Tor, a function noted last month by independent researchers known as Kafeine and Horge.

Version 2.0, Cisco engineers Andrea Allievi and Earl Carter said last month, sported multiple features to avoid detection by security researchers, some of which have now been dropped, and the capability to run 64-bit code from the 32-bit dropper.

New ransomware variants have since emerged to ride the wake of success of Cryptowall and fellow criminal trailblazers. OphionLocker reared its ugly head in December, flipping about over malicious ad networks and using elliptic curve cryptography to lock down data.

One of the more cunning productions emerged this month in the form of ransomware capable of quietly encrypting and decrypting web databases so that the compromise was not noticed for many months.

The passage of time meant backups would also be encrypted, so that when the decryption key was finally withdrawn, system administrators would have a lot more data to lose if they opted to not pay the ransom and restore from tapes. ®

 
