Researchers in Cisco Systems’ Talos security unit, who were researching the Angler exploit kit, have taken steps to disrupt the activities of a hacking group that they believe was generating as much as $20 million a year by installing ransomware on people’s systems before demanding payment. Cisco has now had malicious servers related to the attacks shut down, blocked Angler proxy servers and released information to the security community to shore up holes in everyone’s defences.
The Angler Exploit Kit is a simple way for nefarious individuals to attack PCs around the world without needing to write their own programs. It’s one of the more powerful kits too, with an estimated 40 per cent of consumer and enterprise systems currently vulnerable to its exploits. In researching this nasty piece of code, though, Cisco discovered that many of Angler’s infected victims were being sent through servers operated by a particular provider, Limestone Networks. Since Limestone wasn’t maliciously involved, it was able to help researchers follow the trail.
From there, the researchers were able to inhibit the activities of the group, potentially shutting down an operation that was worth as much as $20 million a year. Cisco arrived at this figure by discovering attacks on as many as 90,000 systems a day. Using some basic maths based on the number of people who tend to pay ransomware demands and the average price of decryption, it’s obvious that the Angler attacks were incredibly lucrative.
But no more. Or at least, not until someone adjusts the attack to counter Cisco’s latest defensive line. However, as Ars points out, this group was likely only responsible for around half of Angler activity, and the kit can always be purchased on shady forums by someone else. Fortunately it’s not too popular. As potent as it is, Cisco doesn’t believe its footprint is anywhere near the size of some exploit kits out there.
KitGuru Says: Ransomware really scares me. As much as I have my precious files and folders backed up safely, the idea that there might be some I could never access again because someone wants to make some quick cash is horrifying.