Hackers rely on other popular exploits to distribute malware
February 10, 2015
According to a recent security report released by Cisco, hackers today are relying on other popular exploits to distribute their malware instead of more conventional tools.
In fact, ransomware is now considered one of the most effective methods: it encrypts a victim's data and offers a decryption key only after the ransom, often topping thousands of dollars, is paid to the hackers.
For example, in late 2014 the software 'CryptoWall' asked potential victims for $500 worth of Bitcoins for their data to be released.
And it gets worse. Cisco researchers say the writers of CryptoWall 3.0 have also accelerated the need to include their own exploits, given how many popular variations are already out there.
"The lack of several exploits lately seems to indicate that the malware authors are focusing more on using exploit vectors since the exploit's functionality could be used to gain privilege escalation on the system," the TALOS team said in a Cisco security advisory.
Breaking any step in the attack chain will successfully prevent this attack, the team added.
"Therefore, blocking the initial phishing emails, blocking network connections to known malicious content, as well as stopping malicious process activity are all critical to combating ransomware and preventing it from holding your data hostage."
The CryptoWall writers dumped some of the features introduced in version two and have added functionality, including use of the Tor sister network I2P, a change noted in January by the independent researchers known as Kafeine and Horge.
Version 2.0, Cisco engineers Andrea Allievi and Earl Carter said last month, sported multiple features to avoid detection by security researchers, some of which have now been dropped, as well as the capability to run 64-bit code from the 32-bit dropper.
New ransomware variants have since emerged to ride the wake of CryptoWall's success and that of fellow criminal trailblazers.
In fact, OphionLocker reared its ugly head in December 2014, spreading via malicious ad networks and using elliptic curve cryptography to lock down personal data.
One of the more cunning productions emerged last week in the form of ransomware capable of quietly encrypting and decrypting web databases so that the compromise was not noticed for many months.
The passage of time simply meant that backups would also be encrypted, so that when the decryption key was finally withdrawn, system administrators would have a lot more data to lose if they opted to not pay the ransom and restore from backup tapes.
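The defensive counter to the slow database-encryption scheme described above is to test-restore backups and verify that a known plaintext record is still readable, rather than trusting that the backup job succeeded. The following is an added example, not code from the article or from Cisco: the canary row name and value, the dump format and the stand-in cipher are all constructed for the demo.

```python
"""Backup canary check (added example, not from the article or Cisco TALOS).

Silent encrypt/decrypt ransomware leaves ciphertext in backups while the live
site still serves plaintext; a restore test with a known canary row catches it.
"""
import hashlib
import math

CANARY_KEY = "backup_canary"           # constructed: row every backup must hold
CANARY_VALUE = "plaintext-ok-2015-02"  # constructed: its expected readable value


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext, far lower for text or JSON."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def validate_backup(rows: dict, entropy_limit: float = 6.5) -> dict:
    """Inspect a restored key->bytes dump; flag unreadable canary or ciphertext."""
    canary = rows.get(CANARY_KEY, b"")
    canary_ok = canary.decode("utf-8", errors="replace") == CANARY_VALUE
    suspicious = [k for k, v in rows.items() if k != CANARY_KEY
                  and len(v) >= 32 and shannon_entropy(v) > entropy_limit]
    return {"canary_ok": canary_ok, "suspicious": suspicious,
            "restorable": canary_ok and not suspicious}


def _fake_encrypt(value: bytes, label: str) -> bytes:
    """Stand-in for the malware's cipher: XOR with a SHA-256 keystream (demo only)."""
    stream = hashlib.sha256(label.encode()).digest()
    while len(stream) < len(value):
        stream += hashlib.sha256(stream).digest()
    return bytes(a ^ b for a, b in zip(value, stream))


# Constructed dumps: a healthy backup, and one taken months into a silent
# compromise where every stored value is already ciphertext.
USER_ROW = b'{"id": 17, "email": "alice@example.test", "plan": "pro"}' * 10
HEALTHY_BACKUP = {CANARY_KEY: CANARY_VALUE.encode(), "user:17": USER_ROW}
POISONED_BACKUP = {k: _fake_encrypt(v, k) for k, v in HEALTHY_BACKUP.items()}

if __name__ == "__main__":
    for name, dump in (("healthy", HEALTHY_BACKUP), ("poisoned", POISONED_BACKUP)):
        print(name, validate_backup(dump))
```

Run this against a real test restore rather than the live database: the live system decrypts on read and would pass the canary check even while every backup it produces is ciphertext.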