
Ransomware migrates from Angler to Neutrino

Following the shuttering of the Necurs botnet, used to send out malicious email blasts delivering Locky and Dridex, a number of security researchers noticed a subsequent drop in Angler exploit kits and other malware campaigns.

But, early last week, researchers at SANS ISC and Malwarebytes observed that campaigns were now using Neutrino EK to distribute CryptXXX ransomware, which had previously only been observed dropping via Angler EK.

Concurrently, a researcher at Proofpoint noted that Angler EK activity ceased after June 7, which the company has since corroborated.

"Shifting from one exploit kit to another is nothing new and threat actors may even use more than one regularly," the researchers at Proofpoint said.

Despite the reduction in activity, though, the Proofpoint researchers expect the lull to eventually give way to an increase in ransomware. "As long as there is money to be made, threat actors will continue to innovate," they said.
