Crooks behind the revamped CryptXXX 3.100 ransomware have switched its distribution from the Angler Exploit Kit to the Neutrino Exploit Kit. The sudden change in distribution was spotted on Monday by researchers at the SANS Internet Storm Center.
“This is not the first time we’ve seen campaigns associated with ransomware switch between Angler EK and Neutrino EK,” wrote Brad Duncan, handler at SANS Internet Storm Center. But he said the switch was noteworthy because SANS had not yet seen CryptXXX distributed by Neutrino.
The move comes as security experts report a resurgence of the CryptXXX ransomware, which was recently revamped with a new encryption algorithm and a new StillerX credential-stealing module that gives attackers additional capabilities to monetize an attack.