Experts at Cisco Systems have taken down a group of hackers who drew an estimated $30 million per year by pushing ransomware onto unwary people browsing the Internet.
The disruption was performed by investigators from Cisco Systems' Talos security unit, who at the time were examining the Angler exploit kit, a tool sold in underground crime forums to people who don't want to go through the trouble of developing and testing exploits themselves. Angler is one of the strongest exploit kits available, with the ability to infect 40 percent of the end users it targets by using attack code that exploits vulnerabilities in Flash, Java and other browser plug-ins.
“It's one of the most innovative exploit kits available today, but it doesn't have a large footprint from an infrastructure perspective,” the Talos team explained. “Despite not having a large footprint, Angler is able to compromise a significant amount of users, for a presumably small amount of customers.”
The Cisco team noticed that a large percentage of infected end users were connecting to servers operated by service provider Limestone Networks. After cooperating with Limestone and studying some of the servers carrying out the operation, the experts found that the hackers were steering roughly 90,000 end users a day. If just three percent of its targets paid the ransom demand of $300, the operation would generate more than $30 million in 12 months. This estimate is consistent with log files retrieved from just one of the servers accessed by Cisco’s researchers.
“This is a significant blow to the emerging hacker economy where ransomware and the black market sale of stolen IP, credit card info, and personally identifiable information (PII) are generating hundreds of millions of dollars annually,” the experts said.
Thankfully, Cisco Systems shut down the operation before the hackers got even further.
Source: ArsTechnica