Here’s a link to an article for Sophos by Paul Ducklin on ransomware evolution: Another brick in the CryptoWall. As you’d expect, it has good info on Cryptowall specifically, but it also links to info on other ransomware, and to a paper well worth your consideration on how ransomware evolved from 2014 to 2015.
And a neat summary by Paul Ducklin for Sophos of the relationship between the Angler exploit kit and Cryptowall: Angler exploit kit rings in 2016 with CryptoWall ransomware. And by David Bisson for Tripwire: Under the Hood of Cryptowall 4.0.
- CryptoWall 4.0 Spreading Via Angler Drive-By Download Campaign
- New drive-by allows exploit to plug dreaded ransomware cryptowall 4.0
- The Register: Domination: Crims steal admin logins, infect sites, drop Cryptowall 4 – World’s worst password-stealer + world’s worst exploit kit + world’s worst ransomware.
- Heimdal Security: The Evolution of Ransomware: Is Cryptowall 5.0 Around the Corner?
- A double whammy of tech support scam and ransomware hits US, UK users
- Tech support scams redirect to Nuclear EK to spread ransomware – Tech support scammers may have bolstered their arsenal by using the Nuclear exploit kit to drop ransomware onto victims’ computers.
- Help Net Security: A deadly campaign delivers Pony info-stealer followed by Cryptowall ransomware, based on an article from Heimdal Security’s Andra Zaharia.
5th December 2015
- An article from Zeljka Zorz for Help Net Security: A deadly campaign delivers Pony info-stealer followed by Cryptowall ransomware, based on an article from Heimdal Security’s Andra Zaharia. The data stealer Pony is installed on the victim’s PC and forwards credentials to the attackers’ C&C (Command & Control) servers. These username/password combinations are used to compromise legitimate servers by injecting a malicious script, which sends victims to other sites serving the Angler exploit kit (EK). Cryptowall 4.0 is then installed on vulnerable systems.
- An article at Heimdal – The Evolution of Ransomware: Is Cryptowall 5.0 Around the Corner? – looks at the ransomware business model and speculates a little on how future versions of Cryptowall might be ‘improved’.
Lengthy analysis by Talos/Cisco: Threat Spotlight: Cryptowall 4 – The Evolution Continues