£20 million a year ransomware group disrupted by Cisco

Researchers in Cisco Systems' Talos security unit, who were researching the Angler exploit kit, have taken steps to disrupt the activities of a hacking group that they believe was generating as much as $20 million a year by installing ransomware on people's systems before demanding payment. Cisco has now had malicious servers related to the attacks shut down, blocked Angler proxy servers and released information to the security community to shore up holes in everyone's defences.

The Angler Exploit Kit is a simple way for nefarious individuals to attack PCs around the world without the need to write their own programs. It's one of the more powerful ones too, with an estimated 40 per cent of consumer and enterprise systems currently vulnerable to its exploits. In researching this nasty piece of code, though, Cisco discovered that many of its infected victims were being sent through servers operated by a particular provider, Limestone Networks. Since Limestone wasn't maliciously involved, it was able to help researchers follow the trail.

Image: an anglerfish. I think I'd rather find one of these in my files. Source: Wikimedia

From there, the researchers were able to inhibit the activities of the group, potentially shutting down an operation that was worth as much as $20 million a year. Cisco arrived at this figure by discovering attacks on as many as 90,000 systems a day. Using some basic maths based on the number of people that tend to pay ransomware demands and the average price of decryption, it's obvious that the Angler attacks were incredibly lucrative.

But no more. Or at least, not until someone adjusts the attack to counter Cisco's latest defensive line. However, as Ars points out, this group was likely only responsible for around half of Angler activity, and the kit can always be purchased on shady forums by someone else. Fortunately it's not too popular. As potent as it is, Cisco doesn't believe its footprint is anything near the size of some exploit kits out there.

KitGuru Says: Ransomware really scares me. As much as I have my precious files and folders backed up safely, the idea that there might be some I could never access again because someone wants to make some quick cash is horrifying.
