
Security Researchers Disrupt Ransomware Attackers Campaign, Looking to Lose $34 Million in Revenue

Attackers who have dished out about half of recent ransomware threats have had their campaign disrupted, and they look to lose about $34 million in revenue.

The disruption of a massive ransomware campaign that is reportedly responsible for 50% of all deployments of ransomware through the Angler exploit kit has left attackers in a position where they could lose $34 million of their revenue by the end of the year. Using servers from the infrastructure of the cloud service provider Limestone Networks, the criminal group behind a large ransomware operation was able to create the largest delivery platform known.

Ransomware threats continue to be an emerging type of malware that utilizes clever techniques to hold an infected PC for ransom while the attackers wielding such threats collect money from computer users who succumb to such campaigns. As we know all too well, recent ransomware threats have taken on new methods to encrypt files on an infected system and then offer a decryption key at a high price, supposedly to restore those encrypted files to their original state. With the disruption of attackers responsible for nearly half of ransomware threats being delivered across the globe, we speculate there will be a momentary decline in the spread of ransomware threats.

Cisco's researchers were able to stop a single group of cyber crooks from distributing ransomware threats by way of the well-known Angler exploit kit. The attackers were found to utilize one single server, which is where the Angler exploit kit was delivered from. The server was hidden by a network of 147 proxy servers, which were installed on the compromised Limestone Networks infrastructure.

The data Cisco obtained in its efforts to stop the attacks showed that the campaign was serving the Angler exploit kit to over 9,000 users each day on each of the 147 proxy servers. Adding everything up, it was found that 529,000 computers were infected each month, and 62% of the Angler victims were infected with ransomware.

Using a formula that takes into account that 2.9% of the victims paid the ransom from the ransomware infection scheme, at an average of $300 for each victim, the campaign adds up to nearly $3 million in revenue a month for the attackers. That's about $34 million in revenue the attackers could see if their plan continued for a year, with any variations over the course of the year potentially yielding an even greater number.

We have reported on the Angler exploit kit and concluded that it is a widely used hacking tool that searches for Java and Flash Player vulnerabilities. With the attackers responsible for about half of all ransomware threats armed with this tool, it gives them an upper hand at effectively spreading such threats throughout the world. Now with the attackers' ransomware campaign meeting its demise, other hacker groups may take up the slack and see the potential for using the Angler exploit kit, which is still readily available at the moment.
