Palo Alto Networks

Nuclear EK

Afraidgate: Major Exploit Kit Campaign Swaps Locky Ransomware for CryptXXX

In mid-April 2016, a campaign using Nuclear Exploit Kit (EK) to distribute Locky ransomware switched to using the Angler EK to install CryptXXX ransomware. This campaign uses gates registered through FreeDNS at afraid.org. We are calling this the Afraidgate campaign. Although we continue to see Locky distributed through malicious spam, we have not noticed Locky from EK traffic since mid-April.

In March 2016, we observed Nuclear EK from the Afraidgate campaign spreading Locky ransomware. A con...

Apr 28, 2016

Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.