Security researchers at Cisco Talos and Check Point have published reports detailing the inner workings of Nuclear, an "exploit kit" Web service that deployed malware onto victims' computers through malicious websites. While a significant percentage of Nuclear's infrastructure has been recently disrupted, the exploit kit is still operating—and looks to be a major contributor to the current crypto-ransomware epidemic.
Introduced in 2010, Nuclear has been used to target millions of victims worldwide, giving attackers the ability to tailor their attacks to specific locations and computer configurations. Though not as widely used as the well-known Angler exploit kit, it has been responsible for dropping Locky and other crypto-ransomware onto more than 140,000 computers in more than 200 countries, according to statistics collected by Check Point. The Locky campaign appeared to be placing the greatest demand on the Nuclear pay-to-exploit service.