Here’s a link to an article by Paul Ducklin for Sophos on ransomware evolution: Another brick in the CryptoWall. As you’d expect, it has good information on Cryptowall specifically, but it also links to information on other ransomware families, and to a paper, well worth your consideration, on how ransomware evolved from 2014 to 2015.
Also a neat summary by Paul Ducklin for Sophos of the relationship between the Angler exploit kit and Cryptowall: Angler exploit kit rings in 2016 with CryptoWall ransomware. And from David Bisson for Tripwire: Under the Hood of Cryptowall 4.0.
- http://labs.bitdefender.com/2015/11/russian-hackers-are-behind-cryptowall-4-0-bitdefender-creates-vaccine/
- http://researchcenter.paloaltonetworks.com/2015/11/cryptowall-v4-emerges-days-after-cyber-threat-alliance-report/
- http://www.theregister.co.uk/2015/11/09/cryptowall_40/
- http://www.bleepingcomputer.com/news/security/cryptowall-4-0-released-with-new-features-such-as-encrypted-file-names/
- http://blogs.cisco.com/security/talos/cryptowall-2
- CryptoWall 4.0 Spreading Via Angler Drive-By Download Campaign
- New drive-by allows exploit to plug dreaded ransomware cryptowall 4.0
- The Register: Domination: Crims steal admin logins, infect sites, drop Cryptowall 4 – World’s worst password-stealer + world’s worst exploit kit + world’s worst ransomware.
- Heimdal Security: The Evolution of Ransomware: Is Cryptowall 5.0 Around the Corner?
- http://arstechnica.com/security/2015/12/newest-ransomware-pilfers-passwords-before-encrypting-gigabytes-of-data/
- http://www.zdnet.com/article/new-ransomware-grabs-users-passwords-before-locking-files/
- A double whammy of tech support scam and ransomware hits US, UK users
- Tech support scams redirect to Nuclear EK to spread ransomware – Tech support scammers may have bolstered their arsenal by using the Nuclear exploit kit to drop ransomware onto victims’ computers.
- Help Net Security: A deadly campaign delivers Pony info-stealer followed by Cryptowall ransomware, based on an article from Heimdal Security’s Andra Zaharia.
5th December 2015:
- An article from Zeljka Zorz for Help Net Security: A deadly campaign delivers Pony info-stealer followed by Cryptowall ransomware, based on an article from Heimdal Security’s Andra Zaharia. The chain works in stages: the Pony data stealer is installed on the victim’s PC and forwards harvested credentials to the attackers’ C&C (Command & Control) servers; the stolen username/password combinations are then used to log in to legitimate web servers and inject a malicious script, which redirects visitors to other sites serving the Angler exploit kit (EK); Angler in turn drops Cryptowall 4.0 on systems with exploitable vulnerabilities. Each stage feeds the next, so one compromised set of credentials can seed infections on many unrelated sites.
- An article at Heimdal – The Evolution of Ransomware: Is Cryptowall 5.0 Around the Corner? – looks at the ransomware business model and speculates a little on how future versions of Cryptowall might be ‘improved’.
10th December 2015:
Lengthy analysis by Talos/Cisco: Threat Spotlight: Cryptowall 4 – The Evolution Continues