The Cutwail spam botnet is now being used to distribute the CryptoLocker ransomware

Nov 9, 2013 14:21 GMT

Trend Micro researchers say they have found a connection between the arrest of Paunch, the author of the notorious BlackHole exploit kit, and the rise of the CryptoLocker ransomware, a threat that is currently being distributed via spam runs.

According to the researchers, before Paunch’s arrest by Russian authorities, cybercriminals used the Cutwail botnet to send spam that led victims to the BlackHole exploit kit.

However, after BlackHole became “extinct” because it was no longer being updated, the crooks started using Cutwail for Upatre spam runs instead. Upatre is a downloader that, once it runs on a victim’s machine, retrieves and installs CryptoLocker.

Trend Micro has observed numerous IP addresses that were sending BlackHole exploit kit spam before Paunch’s arrest and switched to sending CryptoLocker spam right after it, which is what ties the two campaigns to the same sending infrastructure.

Cutwail is capable of sending out a very large volume of email, which is the most likely reason CryptoLocker infections are becoming more common.

This shift in tactics shows that cybercriminals can quickly find alternatives when one of the tools they rely on is neutralized by law enforcement: the spam-sending infrastructure survived the loss of BlackHole and was simply repurposed for a different payload.