Earlier than expected - but similar to Cryptowall 3.0 - a few weeks after its release, Cryptowall 4.0 ransomware is now delivered via the Nuclear Exploit Kit, (NEK) according to the security researchers at the SANS Internet Storm Center (ISC). Initially, Cryptowall 4.0 has been distributed only via malicious spam and phishing emails, but now it has expanded infecting machines via a popular and powerful Exploit Kit.SANS security researcher Brad Duncan wrote in a blog post published Tuesday that a cyber criminal working off domains belonging to Chinese registrar BizCN has been spreading the Cryptowall 4.0 ransomware via the NEK. Duncan said the cyber gang, which he dubbed the "BizCN gate actor", began distributing the ransomware in payloads from the exploit kit as early as November 20. Duncan published a whole technical analysis on the SANS ISC website which shows how Nuclear exploit kit infects a vulnerable Windows host. More at SANS:
Preventing ransomware infections get hard with these exploit kits, unless you provide effective security awareness training to users, minimize the attack surface on workstations, patch known vulnerabilities almost immediately, and if these measures fail, have a rock-solid backup strategy in place.
