Nuclear EK Exits the Malware-as-a-Service Market
Exploit kits have been a major culprit in most ransomware infections, the Nuclear EK being one of the favored malware-as-a-service tools in the hands of cyber criminals. Nuclear EK has been used to spread Locky ransomware which has turned out to be one of the most prevalent and devastating crypto viruses. Nuclear activities saw a sensible decrease at the end of April. According to multiple resources, the exploit kit’s infrastructure is now completely frozen.
Related: Exploit Kit Attacks Throughout 2015
Security firm Check Point, in particular, says that the “death” of Nuclear is due to a detailed and in-depth analysis in two parts they published not too long ago. The first part of the analysis was published a week before Check Point noticed Nuclear’s sudden exodus.
At the end of April, just a few days after our first report was published, the existing Nuclear infrastructure ceased operation entirely – all Nuclear panel instances and the master server stopped serving malicious content and responding to requests from their IP addresses.
Check Point’s vast research of the infamous EK not only gave away the technical site of the operation but also indicated that its operators are likely located in Krasnodar, Russia, making approximately $100,000 a month.
It’s highly likely that Nuclear’s operators got scared and decided to put an end to its money-making machine (and enjoy their illegal profit before it’s too late).
Check Point is not the only security firm that has confirmed the disappearance of Nuclear EK. French researcher Kafeine also noticed its departure, along with Symantec:
The Nuclear exploit kit, which topped April’s list, has dropped out of the top five this month [May], likely due to research that was published in late April, shedding light on the toolkit’s infrastructure and likely leading to disruptions. This follows the disappearance of the Spartan toolkit from our top five list in April. The Spartan toolkit had also previously topped the list of web attacks by toolkit.
Angler EK Is Also Out of the Game
Nuclear is not the only exploit kit that ceased to exist just recently – Angler was also shut down. So, who’s left in the malware-as-a-service market? Neutrino, Magnitude, RIG and Sundown are still being used in malicious operations. Will new EKs emerge? Hopefully not, but by having a look at the dynamic threat landscape, it’s very likely that cyber criminals will quickly come up with other exploit kit pieces.