After exploit kit usage went up by 75% in 2015, it was only a matter of time before the notorious Angler Exploit Kit showed new signs of activity. Indeed, it has been seen adding a new tool to its malware portfolio: CryptoWall 4.0, first uncovered and analyzed by Bitdefender researchers in November 2015, is the latest threat to join its malicious arsenal.
CryptoWall 4.0 is ransomware that encrypts files under the false pretense of testing AV solutions for their “suitability” to protect data. Compared with its predecessors, the malware displays a redesigned ransom message and also encodes the names of the files.
First identified in 2013, Angler is one of the exploit kits most used by cyber-attackers.
It became more prevalent in the second half of 2014 thanks to features such as unique obfuscation, detection of antivirus and virtualization software, encrypted payloads and fileless infections, as well as its ability to deliver a wide range of payloads including banking Trojans, rootkits, ransomware, and backdoor Trojans.
In 2015, researchers from Palo Alto Networks discovered that cybercrime groups using the Angler exploit kit had infected around 90,000 websites, with 30 of these ranked in Alexa’s Top 100,000.
Cybercriminal activities on the dark web have been constantly adapting and thriving, with the malware-as-a-service business reaching the same complexity, scale and management as a legit outsourcing business.
Angler is a prime weapon and revenue source for cyber-criminals. When Cisco disrupted the operations of a gang responsible for up to 50% of Angler’s Exploit Kit activity, it caused losses of more than $30 million.
Should we expect a spike in ransomware in 2016?
With exploit kits easily available for the right amount of money, ransomware has the potential to become even more persistent and thus more successful in extorting users. Angler remains a major threat on the malware landscape today and shows just how much money there is to be made from illicit activities.