Podcast Summary
The Dark Side of Ransomware: Exploit Kits and Supply Chains: Protect yourself from ransomware by updating software, being cautious online, and investing in cybersecurity measures for your business. Exploit kits like Angler are just one part of a larger criminal supply chain on the dark web.
Ransomware is a type of malware that announces its presence by locking down a computer until the victim pays a fee. It has affected businesses, governments, individuals, and even mobile phone operators worldwide. Angler is an exploit kit found on the dark web designed to exploit vulnerabilities in out-of-date software. Criminals, like Zain Qaiser, who used Angler's exploits to install ransomware, are part of a larger supply chain that exists in the dark parts of the internet. This highlights the importance of keeping software up to date and being vigilant when visiting websites. Businesses must also invest in cybersecurity measures to prevent costly ransomware attacks.
The Threat of Angler Exploit Kit and its Partnership with Zain Qaiser: Outdated software is vulnerable to Angler Exploit Kit, which can lead to the theft of sensitive data and wipe out everything on your computer. Zain Qaiser partnered with Russian makers of Angler to infect many computers, leading to potential loss of profits and sensitive data.
Angler Exploit Kit is a type of malware that searches for vulnerabilities in outdated software on your computer to access and execute malicious commands. It may use a Use After Free vulnerability, where the program has freed some data but still has a reference to that memory. Exploits could lead to stealing important data or passwords, joining a botnet, or wiping out everything on your computer. Zain Qaiser, using his social engineering skills, contacted the Russian makers of Angler and formed a partnership with them. They provided the malware, and he helped infect many computers, splitting the profits with the Russians. If you have outdated software and visit a website running Angler, your computer could be infected in seconds and begin deleting files.
Malvertising and the Weaponization of Angler with Reveton Ransomware: Malicious actors utilize popular websites and online ads to infect victim's computers with ransomware, utilizing the tactic of paying for ads to generate traffic and quick results.
Malvertising is a type of online attack where attackers purchase online ads on popular websites and embed malicious code in them. This allows the malware to infect the victim's computer. Zain weaponized Angler with Reveton ransomware, which targeted people visiting porn sites. The malware encrypted the user's hard drive with a password, and the victim had to pay money to get that password to decrypt it. Zain bought online ads pointing people to his malicious website. He acted as a legitimate advertiser looking to purchase advertising space on some of the biggest pornography sites in the world. By paying for ads, he was buying traffic to his site and paid traffic got fast results.
Updating Software and Being Vigilant can Keep Malware at Bay: Regularly updating software and staying vigilant against phishing scams and suspicious activities can prevent potential malware infections and data breaches.
Always update your software as malware like Angler Exploit Kit can infect vulnerable systems with ease. Angler is difficult to detect as it constantly changes domains and IPs, encrypts all traffic and changes the way it looks to avoid matching string detection. Additionally, it can exploit vulnerabilities and execute commands without leaving any trace. Reveton, a ransomware preferred by cybercriminals like Zain, uses social engineering techniques by pretending to be official police notices and extorts money from victims by exploiting their fears and emotions. It relies on victim's shame, embarrassment or fear of exposure. The ransom is not too high to be unaffordable and not too low to be worthless.
The Use of Prepaid Cards and Liberty Reserve in Cyber-Crime: Cyber-criminals utilized GreenDot MoneyPak prepaid cards and Liberty Reserve to anonymously receive and transfer money without any real credentials or proof. These methods were used by a middle man to collect ransomware payments and transfer them to associates in Russia.
GreenDot MoneyPak prepaid cards were the ideal method for anonymous internet criminals to accept money from their victims and the US is the world’s biggest user of these cards. Liberty Reserve was favored by a lot of cyber-criminals to transfer money quickly, privately, and online since an account at Liberty Reserve didn’t ask someone for their real credentials, proof, identity, or anything to transfer money. Raymond, the middle man, used these cards to cash the ransomware payments and to transfer the money to Zain through Liberty Reserve, who collected the money, and then use to transfer it to his Russian associates.
The Complex Process of Laundering Cash Through Digital Currency and Porn Ads: Criminals use middlemen exchanges and online ads to convert illegal funds into digital currency. Combating cybercrime requires cooperation among law enforcement agencies across borders.
The process of converting criminally-obtained cash into digital currency through middlemen exchanges and Liberty Reserve was used by Zain, Raymond, and Russian coders to launder money from ransomware attacks. Zain received 70% of the ransom payments and used the money to buy ads on porn sites, which increased traffic and resulted in more ransomware attacks. The operation involved multiple teams creating and deploying the malware, laundering the money, and structuring the gang network. However, the police, including the Trend Micro eCrimes Unit, The European Cybercrime Centre at Europol, and Interpol, worked together to arrest the gang responsible for making the Reveton ransomware in Spain, leading to the seizure of computers, equipment, and credit cards. The supply chain for malware as a business is complex and requires coordination among multiple parties.
The Downfall of Liberty Reserve and its Impact on Criminal Activity: The shutdown of Liberty Reserve and arrest of its owners hindered criminals like Zain from using the platform to launder money and collect ransom payments, but it did not completely eradicate their illegal actions.
The fall of Liberty Reserve, a black-market bank intentionally created to facilitate criminal activity, exposed the money laundering activities of the Russian crime group behind Zain and Raymond. Zain continued to switch to different crypto-currency platforms and threaten ad agencies, but the authorities pieced together his scam from Liberty data and launched a DDoS attack on advertising sites where he placed his ads. The arrest of Liberty Reserve's owners and employees, along with the seizure and shutdown of the website, cut off Zain's ability to convert ransom payments through the site. However, Zain was not affected by the Spanish police operation against the gang behind Reveton ransomware.
The downfall of a hacker and the power of digital forensics in capturing cyber criminals.: Digital forensics is a crucial tool in bringing cyber criminals to justice by uncovering their connections and evidence linking them to their crimes. It highlights the impact of cyber crime on businesses and institutions.
Zain was a hacker who conducted DDoS attacks against advertising companies to disrupt their business and generate ransomware from the Angler kit. He was arrested twice by the police, but released the first time due to lack of evidence. The second time, the police seized his MacBook Pro, revealing his connection with the Russian creators of Angler through over 3,000 chat logs and almost one million images. Digital forensics played a crucial role in capturing Zain. The cool dashboards of Angler and Reveton software added to his downfall when copies of the control dashboard were found. The interconnectedness of different cyber attacks across the globe was highlighted, showcasing the impact of cyber crime on businesses and institutions.
The Reveton Ransomware Scam and its Profitable Operation: Cybercriminals can make substantial profits through ransomware scams, targeting individuals with no IT support and laundering money through cryptocurrencies. Be cautious and seek assistance in case of a ransomware attack.
The Reveton ransomware scam was a big operation that earned the mastermind Zain at least $16,000 a month, with potential for much higher profits considering multiple adverts running per month. The victims, mostly individuals with no IT departments to advise them, likely had a high percentage of paying the ransom, potentially way higher than the estimated business average of 40%. Zain used crypto-currencies and laundered the money through Raymond, who was charged with conspiracy to commit money laundering and sentenced to 18 months in jail. Zain made personal profits of almost $900,000 before being arrested in 2017. The scam involved purchasing web traffic and bidding for advert slots, and the NCA estimated Zain moved at least five million dollars across five years.
Beware of Sextortion Scams by Cybercriminals: Don't fall for sextortion scams. While it's possible that your personal information might be exposed online, it does not necessarily mean embarrassment or shame. Also, cybercriminals can use their technical skills positively.
Cybercriminals are now using sextortion scams which are growing in popularity. These scams involve sending emails with threats of revealing personal information obtained through webcams, and demanding money in exchange for secrecy. It is hard to know what to do when faced with such situations, but most of them are scams. While it's true that your email and password might be out there on the darknet, it isn't necessarily proof of anything embarrassing. People with advanced technical skills like Zain could choose to use them for good instead of engaging in criminal activities. Unfortunately, Zain will most likely have a hard time getting a good job even after serving his sentence, due to the labels attached to his name.
