New ransomware stealing digital wallets

News by Greg Masters

A new barrage of ransomware, capable of siphoning off digital wallets from Windows users, has been detected.

A new barrage of ransomware, capable of siphoning off digital wallets from Windows users, has been detected, according to a blog post from Heimdal Security.

The first wave of malware includes Pony, which steals usernames and passwords and sends the data to attacker-run C&C servers. Once armed with these credentials, the miscreants gain access to web servers and CMS installations, which they use to broadly disseminate the malicious script.

Next, victims' web sessions are hijacked so that they are redirected to a variety of domains hosting the notorious, off-the-shelf Angler exploit kit. The kit – able to integrate zero-day vulnerabilities and a number of other exploits – then scans for flaws in Windows and other software that is not up to date. When it finds an entryway, Angler takes advantage of it to force-feed CryptoWall 4.0 onto victims' systems.

The assault reportedly originated from Ukraine and first infected computers in Denmark, but has spread beyond Europe. 

Angler is particularly nasty as it can evade detection by traditional AV products.
