Cisco’s Security Team Puts The Kibosh On Payment Ransomware

Cisco’s Talos security unit has put an end to one of the most notorious payments exploits that has plagued over 90,000 Internet users every day and extorts over $34 million every year at a mere 50 percent efficiency rate.

The exploit called the “Angler Exploit Kit,” which was sold in Internet forums, was used by buyers to hack into other computers by attacking the vulnerabilities of Web browsers and other software through a range of methods, such as spoof emails and false advertising.

Once control over the target computer is achieved, a hacker could install malware tools, such as ransomware, onto a user’s computer and utilize it to encrypt files and then extort money to release it.

About 62 percent of Angler infections delivered ransomware. The average user would then be asked to pay about $300 in ransom, which would translate to an annual income of $34 million or more.

“This is the most advanced and concerning exploit kit on the market — designed to bypass security devices and, ultimately, attack the largest number of devices possible,” a Talos report said.

In partnership with OpenDNS, a company which offers phishing protection, the Talos team unrooted the malware by tracing an inordinate number of proxy servers that were being used by Angler on Limestone Networks servers, a server hosting company in Dallas, Texas, Talos said.

After zeroing in on its root, Limestone killed the network by pulling the plug on the servers which were being used by Angler.

Upon analysis of health monitoring servers that conduct health checks, remotely erase log files and analyze malware exploits, it was found that a single health server was monitoring over 147 proxy servers and collected over $3 million in a month, generating an income of $30,000,000 annually, just from ransomeware.

“The monetization of the malware economy has continued to evolve over the last several years. Every single year we see small innovations that lead towards the occasional major advance,” Cisco said in a blog post. “Today, we’re seeing the results of years of major advances being combined with a drive by download vector to form one of the most effective and profitable attacks facing the Internet.”

To check out what else is HOT in the world of payments, click here.



Five days of intimate interviews and streaming TV shows ‘starring’ the smartest people in payments.
The economy is slowly reopening on a changed world where “business unusual” is now just “business.” Tune in as PYMNTS CEO Karen Webster and special guests from across the payments universe ditch “digital optional” and bring on the digital-first engagements buyers and sellers really want. Join experts in a series of live conversations rethinking business models, customer experiences, payments choice, verticals…everything.