CryptXXX: new ransomware from the actors behind Reveton, dropping via Angler
Revision as of 22:34, 19 April 2016 by Eric.freyssinet
CryptXXX: new ransomware from the actors behind Reveton, dropping via Angler | |
---|---|
Botnet | CryptXXX, Reveton, Bedep |
Malware | |
Botnet/malware group | |
Exploit kits | Angler |
Services | |
Feature | String(s): CryptProjectXXX |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2016 / 2016-04-18 |
Editor/Conference | Proofpoint |
Link | https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler |
Author | Kafeine |
Type | Blogpost |
Abstract
“Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK). Combining our findings with intelligence shared by Frank Ruiz (Fox IT InTELL) led us to the same conclusion: this project is conducted by the same group that was driving Reveton ransomware operations and is closely tied to Angler/Bedep. Dubbed "CryptXXX", this new ransomware is currently asking a relatively high $500 per computer to unlock encrypted files. Angler is the number one exploit kit by volume, making the potential impact of new ransomware in the hands of experienced actors with access to this vector quite significant.”
Bibtex
@misc{2016BFR4928,
  editor = {Proofpoint},
  author = {Kafeine},
  title = {CryptXXX: new ransomware from the actors behind Reveton, dropping via Angler},
  date = {18},
  month = Apr,
  year = {2016},
  howpublished = {\url{https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler}},
}