Cisco disrupts $60M ransomware biz

Finds Angler servers at a Dallas hosting provider during research

Cisco this week says it disabled a distributor of the Angler ransomware exploit kit, a program that holds victim machines hostage via encryption.

The catch disrupted a global ransomware operation that netted $60 million annually for the perpetrators, Cisco states in a blog post.

+MORE ON NETWORK WORLD: Jane Austen lets the boogie man in: Cisco report+

During research, Cisco's Talos security unit discovered that computers infected with the Angler Exploit Kit were connecting to servers at Limestone Networks, a Dallas hosting provider. Angler encrypts victim machines until the victims pay a sum – a ransom -- to have them decrypted.

Limestone worked with Talos to deliver previously unknown insight into Angler’s data flow, management, and scale. Cisco also collaborated with Level 3 Communications and OpenDNS, a company it is acquiring, to learn more about the activity and devise a defense.

According to the blog, Cisco shut down access for customers by updating products to stop redirects to the Angler proxy servers. The company also released Snort rules to detect and block checks from the health checks, and published protocols and other information so service providers and their customers can protect themselves.

“This is a significant blow to the emerging hacker economy where ransomware and the black market sale of stolen IP, credit card info and personally identifiable information are generating hundreds of millions of dollars annually,” Cisco stated in the blog post.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags cyber crimecisco

More about CiscoLevel 3 Communications

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Jim Duffy

Latest Videos

More videos

Blog Posts