
Cryptowall 4.0 spotted in Nuclear exploit kit

Less than a month after its release, the ransomware Cryptowall 4.0 has been spotted by researchers at the SANS Internet Storm Center (ISC) being delivered by the Nuclear exploit kit (EK).

SANS security researcher Brad Duncan wrote in a November 24 ISC blog post that Cryptowall is usually associated with malicious spam and that this is the first time he has noticed a version of the ransomware being delivered by an EK.

Duncan dubbed the cybergang responsible for the attacks the “BizCN gate actor” because the domains it uses have been registered through the Chinese registrar BizCN. Duncan said the group began sending the ransomware in payloads from the EK as early as November 20.

“Since this information is now public, the BizCN gate actor may change tactics. However, unless this actor initiates a drastic change, it can always be found again,” Duncan said in the post.
