The CryptoWall 4.0 ransomware is being spread via exploit kits, with the Nuclear exploit kit (EK) being the first major crimekit to infect machines with this type of malware, Rackspace security researcher Brad Duncan has discovered.
In a blog post published by the SANS Internet Storm Center, Duncan explains that the “BizCN gate” actor has started sending CryptoWall 4.0 payloads from the Nuclear EK on Friday, November 20. The BizCN gate actor has been known to distribute malware via the Nuclear EK, but started using CryptoWall only on November 19, when the ransomware in the payload was at version 3.0.
