Less than a month after its release, researchers at the SANS Internet Storm Center (ISC) spotted the ransomware Cryptowall 4.0 being delivered as part of a nuclear exploit kit (EK).SANS security researcher Brad Duncan wrote in a November 24 ISC blog post that Cryptowall is usually associated with malicious spam and this is the first time he has noticed a version of the ransomware being delivered by an EK.Duncan dubbed the cybergang responsible for the attacks the “BizCN gate actor" because the domains it uses have been registered through the Chinese registrar BizCN. Duncan said the group began sending the ransomware in payloads from the EK as early as November 20. "Since this information is now public, the BizCN gate actor may change tactics. However, unless this actor initiates a drastic change, it can always be found again,” Duncan said in the post.
Threat Management, Incident Response, TDR, Threat Management
Cryptowall 4.0 spotted in nuclear exploit kit
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



