Tuesday, 8 December 2015

Hackers are using Nuclear Exploit Kit to Spread Cryptowall 4.0 Ransomware

Beware Internet Users!

Cryptowall 4.0 – the newest version of one of the most damaging ransomware families in circulation – has surfaced in the Nuclear exploit kit, one of the most potent exploit kits sold on underground markets for compromising computers.

The ransomware threat has emerged as one of the biggest threats to internet users in recent times. Typically, ransomware encrypts the files on a victim's computer with a strong cryptographic algorithm and then demands a ransom, payable in Bitcoin (usually between $200 and $10,000), for the decryption key.

Cryptowall is currently among the most widespread and sophisticated ransomware families, and it is backed by a very robust back-end infrastructure.



A report published last month estimated that the authors of Cryptowall 3.0 had taken in more than $325 million in ransom payments in the past year alone.

With the debut of Cryptowall 4.0 at the beginning of this month, the threat has become more sophisticated and advanced: Cryptowall 4.0 employs "vastly improved" communications as well as better-designed code so that it can exploit more vulnerabilities.

Cryptowall 4.0 Delivered via Nuclear Exploit Kit


Now, less than a month after its release, Cryptowall 4.0 has been spotted being delivered by the Nuclear Exploit Kit, according to security researchers at the SANS Internet Storm Center (ISC).

Until recently, Cryptowall 4.0 had been distributed only via malicious spam and phishing emails; now it is also infecting machines through an exploit kit, which needs no attachment to be opened, only a visit to a compromised or malicious web page from a machine with an unpatched browser or plugin.

SANS ISC handler Brad Duncan wrote in a blog post published Tuesday that a cyber criminal operating off domains registered through the Chinese registrar BizCN has been spreading Cryptowall 4.0 via the Nuclear Exploit Kit.

Duncan said the group, which he has dubbed the "BizCN gate actor", began distributing the ransomware as a Nuclear exploit kit payload as early as November 20.


Duncan published a full technical analysis on the SANS ISC website showing how the Nuclear exploit kit infects a vulnerable Windows host.

"Since this information is now public, the BizCN gate actor may change [their] tactics," Duncan said in the post. "However, unless this actor initiates a drastic change, it can always be found again."

Cryptowall 4.0 made its debut earlier this month with upgrades that make it even harder for victims to recover files from an infected computer than its predecessor did.

Cryptowall 4.0 now encrypts not only the contents of files but also their names, so a victim can no longer even tell which document is which, and it comes with vastly improved communication capabilities.
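Both of those behaviours are observable on disk, which makes them something a defender can check for. The following Python script is an added example (not from the article, not from SANS ISC, and not derived from any Cryptowall sample): it plants canary files and verifies that they still exist with the expected contents, and it measures what share of the files in a tree have random-looking names (no recognisable extension, a letter/digit soup stem) and ciphertext-like contents (Shannon entropy near 8 bits per byte). The canary names, the extension allowlist and the thresholds are assumptions chosen for the demo; the "encrypted" sample tree it builds simulates the article's description by replacing every file's name and contents with random data.

```python
"""On-disk heuristic for Cryptowall-style damage: tampered canaries, random
file names, ciphertext-like contents.  Added example; canary names, the
extension allowlist and the thresholds are demo assumptions."""
import math
import os
import tempfile
from collections import Counter

# Assumed canaries: one sorts first and one last, so an alphabetical
# encryption pass touches a canary early.  Names/contents are demo choices.
CANARIES = {
    "_aaa_canary.txt": b"canary - do not edit\n",
    "zzz_canary.docx": b"canary - do not edit\n",
}
# Assumed allowlist of extensions normally found in a documents tree.
KNOWN_EXTS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".zip", ".py"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext/compressed data, 4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_random_name(name: str) -> bool:
    """True for names with no known extension and a mixed letter/digit stem."""
    stem, ext = os.path.splitext(name)
    if ext.lower() in KNOWN_EXTS:
        return False
    return (len(stem) >= 6
            and any(ch.isdigit() for ch in stem)
            and any(ch.isalpha() for ch in stem))


def check_canaries(root: str) -> list:
    """Return canary paths that are missing (renamed/deleted) or rewritten."""
    tampered = []
    for name, expected in CANARIES.items():
        path = os.path.join(root, name)
        try:
            with open(path, "rb") as f:
                if f.read() != expected:
                    tampered.append(path)
        except FileNotFoundError:
            tampered.append(path)
    return tampered


def scan_tree(root: str, entropy_threshold: float = 7.5,
              ratio_threshold: float = 0.5) -> dict:
    """Report canary tampering plus the share of files whose names and contents
    look encrypted.  Flag only on a hit canary or when BOTH ratios cross the
    threshold, so a folder of JPEGs/ZIPs (high entropy, normal names) passes."""
    total = random_names = high_entropy = 0
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name in CANARIES:
                continue  # canaries are judged separately
            total += 1
            if looks_random_name(name):
                random_names += 1
            with open(os.path.join(dirpath, name), "rb") as f:
                if shannon_entropy(f.read(65536)) >= entropy_threshold:
                    high_entropy += 1
    tampered = check_canaries(root)
    random_ratio = random_names / total if total else 0.0
    entropy_ratio = high_entropy / total if total else 0.0
    return {
        "files": total,
        "canaries_tampered": tampered,
        "random_name_ratio": random_ratio,
        "high_entropy_ratio": entropy_ratio,
        "suspicious": bool(tampered) or (random_ratio >= ratio_threshold
                                         and entropy_ratio >= ratio_threshold),
    }


def _random_name() -> str:
    """Synthetic encrypted-looking name: hex stem plus a short hex 'extension'."""
    while True:
        name = os.urandom(5).hex() + "." + os.urandom(2).hex()
        if looks_random_name(name):
            return name


def build_sample_tree(root: str, encrypted: bool) -> None:
    """Constructed sample data: three office-style files plus the canaries.
    With encrypted=True every file is replaced by a random name holding random
    bytes, mimicking the behaviour the article describes."""
    docs = {
        "budget.xlsx": b"quarter,revenue\nQ1,100\nQ2,120\n" * 200,
        "notes.txt": b"meeting notes: follow up on backups\n" * 200,
        "report.docx": b"Lorem ipsum dolor sit amet " * 300,
    }
    for name, content in {**docs, **CANARIES}.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(content)
    if encrypted:
        for name in os.listdir(root):
            os.remove(os.path.join(root, name))
            with open(os.path.join(root, _random_name()), "wb") as f:
                f.write(os.urandom(4096))


def demo(encrypted: bool) -> dict:
    """Build a throwaway tree in a temp dir, scan it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, encrypted=encrypted)
        return scan_tree(tmp)


if __name__ == "__main__":
    print("clean     :", demo(False))
    print("encrypted :", demo(True))
```

In practice you would run `scan_tree` against each file share from a scheduled task and alert on `suspicious`; requiring both the name and the entropy signal, or a touched canary, keeps archives and images from raising false alarms, and a canary that changes is worth an alert on its own because no legitimate process should ever write to it.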

What Should You do if You get Infected by Cryptowall 4.0?


Once your computer is infected by Cryptowall 4.0, unfortunately, there is not much you can do: the encryption it uses is strong, and there is no known way to recover the files without the attackers' key.

The only options you are left with are:
  • either wipe the computer and restore your data from a backup, or
  • pay the ransom for the decryption key.
We do not advise paying the ransom: it does not guarantee that you will receive a working decryption key, and every payment funds further criminal activity.

Prevention is the Best Practice


As I previously recommended, the best defence against ransomware is creating awareness within organisations, together with maintaining backups that are regularly rotated and kept offline or otherwise unreachable from user workstations, since ransomware also encrypts files on mapped network drives and attached USB disks.

Most infections still begin with a user opening a malicious attachment or clicking a link in a spam email, but exploit kits such as Nuclear need neither: they compromise the machine as soon as an unpatched browser or plugin loads a booby-trapped page.

So, DO NOT CLICK on suspicious links in emails, and do not open attachments from unknown senders.

Moreover, keep the operating system, the browser and browser plugins such as Flash, Java and Silverlight fully patched, since those are what exploit kits target, and ensure that your systems are running up-to-date antivirus software with current malware definitions.