Reveton ransomware switches exploit kits from BlackHole to WhiteHole

But author's arrest to have a 'negligible impact' on the black market.

Criminals were already moving to other exploit kits soon after the arrest of the author of the infamous BlackHole crimeware kit.

Reveton ransomware was one of the first to move from BlackHole to a newer exploit kit, WhiteHole, which emerged on researchers' radars in February.

European Cybercrime Centre head Troels Oerting confirmed the arrest of BlackHole's developer Paunch.

Criminals spread Reveton via crimeware kits by exploiting vulnerable software on users' machines. 

Dell SecureWorks director of security strategy Jeff Williams said that criminals will likely continue to package other exploit kits with BlackHole threats.

“My presumption is that criminals will move to some of these other kits, but I think it's also kind of a warning shot to know that law enforcement are looking actively to keep the perpetrators from carrying out their crimes,” Williams said.

Team Cymru director of security research Steve Santorelli said that the arrest was liable to have a negligible impact on the black market due to the fast-moving nature of the exploit business.

“As ubiquitous as [BlackHole] once was – and many new cyber criminals cut their teeth on it and made a lot of money from it – it's last year's technology. In cyber crime terms, that might as well be last century,” he wrote.

Already this month, criminals have turned to easy-to-use toolkits, like Neutrino, Glazunov and Sibhost, he said.

“They thrive because they are so easy to configure and deploy,” Santorelli said. “They often have good help pages, great and fast technical support and a low price point with regular updates. You don't need to know what's under the hood to drive them, and that's why they are so dangerous.”

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition