Cryptowall 4.0 spotted in Nuclear exploit kit

Researchers at SANS Internet Storm Center spotted the Nuclear exploit kit delivering the Cryptowall ransomware.

Less than a month after its release, researchers at the SANS Internet Storm Center (ISC) spotted the ransomware Cryptowall 4.0 being delivered by the Nuclear exploit kit (EK).

SANS security researcher Brad Duncan wrote in a November 24 ISC blog post that Cryptowall is usually associated with malicious spam, and that this is the first time he has noticed a version of the ransomware being delivered by an EK.

Duncan dubbed the cybergang responsible for the attacks the "BizCN gate actor" because the domains it uses have been registered through the Chinese registrar BizCN. Duncan said the group began sending the ransomware in payloads from the EK as early as November 20.

"Since this information is now public, the BizCN gate actor may change tactics. However, unless this actor initiates a drastic change, it can always be found again," Duncan said in the post.
