Reveton ransomware switches exploit kits from BlackHole to WhiteHole

But author's arrest to have a 'negligible impact' on the black market.

Criminals were already moving to other exploit kits soon after the arrest of the author of the infamous BlackHole crimeware kit.

Reveton ransomware was one of the first to move from BlackHole to a newer exploit kit, WhiteHole, which emerged on researchers' radars in February.

European Cybercrime Centre head Troels Oerting confirmed the arrest of BlackHole's developer Paunch.

Criminals spread Reveton via crimeware kits by exploiting vulnerable software on users' machines. 

Dell SecureWorks director of security strategy Jeff Williams said that criminals will likely continue to package other exploit kits with BlackHole threats.

“My presumption is that criminals will move to some of these other kits, but I think it's also kind of a warning shot to know that law enforcement are looking actively to keep the perpetrators from carrying out their crimes,” Williams said.

Team Cymru director of security research Steve Santorelli said that the arrest was liable to have a negligible impact on the black market due to the fast-moving nature of the exploit business.

“As ubiquitous as [BlackHole] once was – and many new cyber criminals cut their teeth on it and made a lot of money from it – it's last year's technology. In cyber crime terms, that might as well be last century,” he wrote.

Already this month, criminals have turned to easy-to-use toolkits, like Neutrino, Glazunov and Sibhost, he said.

“They thrive because they are so easy to configure and deploy,” Santorelli said. “They often have good help pages, great and fast technical support and a low price point with regular updates. You don't need to know what's under the hood to drive them, and that's why they are so dangerous.”

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition