Cisco Talos and GoDaddy Bring Down Ransomware Malvertising Server

Over the past few months, there have been multiple malvertising campaigns. The primary objective of these campaigns is to infect Internet users with ransomware and other malware. Cisco’s Talos Group successfully shut down one of these campaigns, which was relying on the Neutrino Exploit Kit. This is a significant success for security researchers, although the war is far from over.

Bringing Malvertising To An End

Malvertising is not a trend that will be brought to an end overnight. These campaigns can be created with a few clicks, so to speak, yet shutting one down takes weeks, if not months, of careful planning. In the case of this particular malvertising campaign, it took two weeks to weed out the threat.

It is well worth noting how the campaign creators heavily relied on the Neutrino exploit kit. Some readers may recall this name, as it is the preferred way of spreading Bitcoin ransomware on a large scale. That was also the primary objective of this malvertising campaign, as the people behind it wanted to make as much money from malware as possible.

Cisco’s security experts managed to bring down the campaign by collaborating with GoDaddy. As it turns out, the server hosting the exploit kit was located in Russia. Internet users who were trying to access legitimate websites would be redirected to this server. In the background, the exploit kit would look for weaknesses on the visitor's computer in order to install different types of ransomware.

According to statistics provided by Cisco Talos, nearly 0.1% of all website visitors may have been infected with ransomware. Although it remains unknown how many hits this server was receiving during its operations, that percentage indicates a substantial number of potential victims.

Cybercriminals see malvertising as a great way to inflict a lot of damage on computers. Moreover, by distributing ransomware, they have a fair chance of making a lot of money. These types of campaigns will continue to become far more common, as criminals can exploit the growth in popularity of online advertising.

Source: Dark Reading
