Afraidgate: Major Exploit Kit Campaign Swaps Locky Ransomware for CryptXXX
In mid-April 2016, a campaign that had been using the Nuclear Exploit Kit (EK) to distribute Locky ransomware switched to using the Angler EK to install CryptXXX ransomware. This campaign uses gates registered through FreeDNS at afraid.org, so we are calling it the Afraidgate campaign. Although we continue to see Locky distributed through malicious spam, we have not noticed Locky in EK traffic since mid-April.
In March 2016, we observed Nuclear EK from the Afraidgate campaign spreading Locky ransomware. A con...