View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 7, 2015

Massive Angler Exploit ransomware network shutdown by Cisco

News: The kit has helped hackers target up to 90,000 victims a day.

By Nitin Kumar

Cisco has disrupted the spread of the harmful malvertising and ransomware campaigns that are generated by the notorious Angler Exploit Kit.

The Angler Exploit Kit is one of the most advanced and concerning exploit kit in the market which includes small programmes that take advantage of flaws in web browsers and other software.

However, the buyers of the kit have to find their own way to reach their targets which is usually done through hacking and then by installing ransomware or other types of malware into a targeted computer.

Cisco’s Talos security unit discovered that proxy servers used by Angler were located on the servers of service provider Limestone Networks in Dallas, Texas.

According to Cisco, the kit has helped hackers targeting up to 90,000 victims a day, generating more than $30M annually.

After the discovery, Limestone Networks pulled the plug on the servers and provided Cisco with the insight on how Angler worked.

The research effort also involved Level 3 Communications, which allowed Cisco to copy the authentication protocols the Angler criminals use for their interaction with their prey.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

By knowing the protocols security companies will be able to cut off infected computers easily, Cisco said.

After making the discovery Cisco said that it started updating products to stop redirects to the Angler proxy servers.

Cisco also released snort rules to detect and block checks from the health checks, published communications mechanisms including protocols to help other protect themselves and their clients.

Cisco said that it will also be publishing IoCs so that defenders will be able to analyse their own network activity and block access to remaining servers.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.