The Angler exploit kit has been upgraded to distribute a mysterious new variant of ransomware based on the TeslaCrypt and AlphaCrypt attack tools.
Rackspace security researcher Brad Duncan reported on the upgrade in a threat advisory on Tuesday, warning that he has already detected infections in the wild. The Angler exploit kit has been known about for a couple of years.
"The Angler exploit kit is being used to push a new variant of TeslaCrypt/AlphaCrypt ransomware," read the Rackspace security advisory.
"Last week on 2015-05-07, I started seeing a new variant. This new variant has a pop-up window that uses CTB-Locker-style instructions. This variant doesn't provide a name for itself in the decrypt instructions."
Ransomware is a form of malware that attempts to blackmail victims by locking out users from infected machines and charging a fee to unlock them. In this case the malware demands payment in bitcoins.
The new variant reportedly has similar features to the TeslaCrypt and AlphaCrypt ransomware previously observed being delivered by Angler.
"The traffic appears identical to what we've seen with previous infections from TeslaCrypt and AlphaCrypt. A few hours ago I infected a host from a site using Angler exploit kit and received similar alerts from the network traffic," explained the advisory.
"It was the same file with the same hash each time. However, the bitcoin address for the ransom payment was different for each infected host."
Ransomware is a growing problem facing businesses and end users. The TeslaCrypt and AlphaCrypt variant is one of many new examples of ransomware to appear this year.
Trend Micro reported in March that hackers are developing a polymorphic ransomware known as 'Virlock' that has enhanced file-infection and resurrection powers.
Prior to this, Cisco's Talos Group unearthed the notorious Cryptowall 3.0 ransomware in January.
Analysts at Juniper Research highlighted ransomware as a major threat that will help spearhead a fourfold increase in the cost of cybercrime. The research said that such attacks will cost businesses globally over $2.1tn by 2019.