Cisco Takes Down $60M Ransomware Operation



Good news for a change. Cisco just posted that they disabled a cybercrime operation that used the Angler exploit kit to distribute ransomware. The takedown shuttered a global ransomware operation that netted the scammers 60 million dollars a year.

Cisco's security unit (called Talos) found out that systems infected with the Angler Exploit Kit were connecting to servers at Limestone Networks in Dallas. The Limestone team worked with Talos to give them insight into Angler’s data flow, scale and how it was managed. Cisco also collaborated with Level 3 Communications and OpenDNS as part of the takedown. 

How Cisco did it

According to the blog, Cisco updated their products to stop redirects to the Angler proxy servers. They also released Snort Firewall rules to detect and block access, and published protocols and other information so service providers and their customers can protect themselves.

“This is a significant blow to the emerging hacker economy where ransomware and the black market sale of stolen IP, credit card info and personally identifiable information are generating hundreds of millions of dollars annually,” Cisco stated in their blog post.

Using exploit kits is a particularly nasty way to spread ransomware, because exploit kits rely on unpatched computers and do not need user interaction to infect the machine. Another very popular way to spread ransomware is phishing, which relies on social engineering the end user into opening an infected attachment. The problem with these operations is that cyber criminals design their infrastructure from the get-go with the knowledge that they are going to be taken down, and build in redundancy and resilience. In other words, it's a game of whack-a-mole, because they will be back in business in a few days.


That's why we created this great resource for you: The Ransomware Hostage Rescue Manual.

This manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware. You will also receive a Ransomware Attack Response Checklist and Ransomware Prevention Checklist.

 

