Hackers are using Nuclear Exploit Kit to Spread Cryptowall 4.0 Ransomware
Cryptowall 4.0 – the newest version of the world's worst Ransomware – has surfaced in the Nuclear exploit kit, one of the most potent exploit kits available in the underground market for hacking into computers.
The ransomware threat has emerged as one of the biggest threats to internet users in recent times. Typically, ransomware encrypts all files on a victim’s computer with a strong cryptographic algorithm, then demands a ransom to be paid in Bitcoin (ranging between $200 and $10,000).
Cryptowall is currently among the most widespread and sophisticated families of Ransomware, backed by a very robust back-end infrastructure.
A report from last month suggested that the authors of the Cryptowall 3.0 ransomware virus have managed to raise more than $325 Million in revenue in the past year alone.
With the debut of Cryptowall 4.0 at the beginning of this month, the ransomware threat has become more sophisticated and advanced, as Cryptowall 4.0 employs "vastly improved" communications as well as better-designed code so that it can exploit more vulnerabilities.
Cryptowall 4.0 Delivered via Nuclear Exploit Kit
Now, less than a month after its release, Cryptowall 4.0 ransomware has been spotted being delivered as part of the Nuclear Exploit Kit, according to the security researchers at the SANS Internet Storm Center (ISC).
Until recently, Cryptowall 4.0 had been distributed only via malicious spam and phishing emails, but now it has been infecting machines via an Exploit Kit.
SANS security researcher Brad Duncan wrote in a blog post published
Tuesday that a cyber criminal working off domains belonging to Chinese
registrar BizCN has been spreading the Cryptowall 4.0 ransomware via the
Nuclear Exploit Kit.
Duncan said the cyber gang, which he dubbed the "BizCN gate actor", began distributing the ransomware in payloads from the exploit kit as early as November 20.
Duncan published a full technical analysis on the SANS ISC website that shows how the Nuclear exploit kit infects a vulnerable Windows host.
"Since this information is now public, the BizCN gate actor may change [their] tactics," Duncan said in the post. "However, unless this actor initiates a drastic change, it can always be found again."
Cryptowall 4.0 made its debut earlier this month with upgrades that made
it even more challenging for victims to recover files from compromised
computers than its predecessor.
Cryptowall 4.0 now encrypts not only the data in your files but also the file names, and it has vastly improved communication capabilities.
What Should You do if You get Infected by Cryptowall 4.0?
Once your computer is infected by Cryptowall 4.0, unfortunately, there
is not much you can do, as the encryption it uses is very strong and
almost unbreakable.
The only options you are left with are:
- Either format your computer and restore your data from the backup
- Or pay the ransom money for the decryption key
However, we do not advise you to pay the ransom, as it does not guarantee that you'll get the decryption key, and paying the ransom would encourage criminal activities as well.
Prevention is the Best Practice
As I previously recommended, the best defense measure against Ransomware is creating awareness within organizations, as well as maintaining backups that are regularly rotated.
Most viruses are introduced by opening infected attachments or clicking on links to malware usually contained in spam emails.
So, DO NOT CLICK on suspicious links provided in emails and attachments from unknown sources.
Moreover, ensure that your systems are running the latest version of Antivirus software with up-to-date malware definitions.