Pony, Angler, Cryptowall ransomware

Another article from Zeljka Zorz for Help Net SecurityA deadly campaign delivers Pony info-stealer followed by Cryptowall ransomware, based on an article from Heimdal Security’s Andra Zaharia. The data stealer Pony is installed on the victim’s PC and forwards credentials to the attackers’ C&C (Command & Control) servers: these username/password combinations are used to compromise legitimate servers by injecting a malicious script, used to send victims to other sites serving the Angler exploit kit (EK). Cryptowall 4.0 is installed on vulnerable systems.

Another article at Heimdal – The Evolution of Ransomware: Is Cryptowall 5.0 Around the Corner? – looks at the ransomware business model and speculates a little on how future versions of Cryptowall might be ‘improved’.

David Harley


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.