Even before the Angler Exploit Kit (EK) shut down operations towards the end of May and start of June, the Nuclear Exploit Kit was dead and gone, according to multiple sources in the security industry.
The Nuclear EK was one of the biggest sources of ransomware infections, being notorious for delivering the Locky ransomware, among many other threats.
The exploit kit was always popular, being one of the top five exploit kits in use, but multiple sources say that around April 30 they stopped seeing any type of activity from Nuclear's infrastructure, as if someone had pulled the plug and never returned.
Check Point report leads to Nuclear's shutdown
Check Point says that this happened after the company published an in-depth two-part analysis of the exploit kit's activity. The first of those parts had appeared about a week before security firms noted Nuclear's disappearance.
While the first part sliced up Nuclear's technical mode of operation, the second part, which came around mid-May, showed a glimpse of the kit's financial side, revealing that the EK's authors may be based in Krasnodar, Russia, and were probably making around $100,000 per month.
Check Point's report seems to have scared the crooks operating this malware-as-a-service infrastructure, who opted to merge back into the shadows and enjoy their money.
Other companies confirm Nuclear's disappearance
Besides Check Point, French security researcher Kafeine also noted Nuclear's demise when he first published news about Angler's shutdown.
A few weeks later, Symantec also noted Nuclear's disappearance, saying, "The Nuclear exploit kit, which topped April’s list, has dropped out of the top five this month, likely due to research that was published in late April, shedding light on the toolkit’s infrastructure and likely leading to disruptions."
Since Nuclear and Angler shut down, the exploit kit market has been dominated by the Neutrino EK, followed by Magnitude, RIG, and Sundown.