Understanding the steps an attacker takes as time progresses can often be slow, tedious, and sometimes leave an analyst with impossible questions to answer. As many know, exploit kit and malware authors constantly evolve their tactics to avoid detection by security products. At ProtectWise, we work hard to put all the pieces together for our customers to clearly show each step of an attack. This screencast shows a real world attack by the CryptoWall ransomware as it progresses over time. The attack on the host occurred due to an Adobe Flash exploit delivered from the Angler Exploit Kit. The host was then successfully infected with the CryptoWall ransomware, subsequently encrypting it and holding it hostage.
Next blog post