The Angler exploit kit has been upgraded to distribute a mysterious new variant of ransomware based on the TeslaCrypt and AlphaCrypt attack tools.
Rackspace security researcher Brad Duncan reported on the upgrade in a threat advisory on Tuesday, warning that he has already detected infections in the wild. The Angler exploit has been known about for a couple of years now.
"The Angler exploit kit is being used to push a new variant of TeslaCrypt/AlphaCrypt ransomware," read the Rackspace security advisory.
"Last week on 2015-05-07, I started seeing a new variant. This new variant has a pop-up window that uses CTB-Locker-style instructions. This variant doesn't provide a name for itself in the decrypt instructions."
Ransomware is a form of malware that attempts to blackmail victims by locking out users from infected machines and charging a fee to unlock them. In this case the malware demands payment in bitcoins.
The new variant reportedly has similar features to the TeslaCrypt and AlphaCrypt ransomware previously observed being delivered by Angler.
"The traffic appears identical to what we've seen with previous infections from TeslaCrypt and AlphaCrypt. A few hours ago I infected a host from a site using Angler exploit kit and received similar alerts from the network traffic," explained the advisory.
"It was the same file with the same hash each time. However, the bitcoin address for the ransom payment was different for each infected host."
Ransomware is a growing problem facing businesses and end users. The TeslaCrypt and AlphaCrypt variant is one of many new examples of ransomware to appear this year.
Trend Micro reported in March that hackers are developing a polymorphic ransomware known as 'Virlock' that has enhanced file-infection and resurrection powers.
Prior to this, Cisco's Talos Group unearthed the notorious Cryptowall 3.0 ransomware in January.
Analysts at Juniper Research highlighted ransomware as a major threat that will help spearhead a fourfold increase in the cost of cybercrime. The research said that such attacks will cost businesses globally over $2.1tn by 2019.
North Korean hackers reportedly step up their activity as tensions with the US increase
Ice Lake probably won't appear before 2019 at the earliest
Krzanich follows Kevin Plank of Under Armor and Kenneth Frazier of Merck
Release of latest version of Android imminent