The RIG Exploit Kit has been dropping the ‘Cerber Ransomware’ very frequently of late. Quick Heal learnt about the infection on Cosmos Bank website while analyzing the telemetry information collected from its own users. After reproducing the threat in its own Threat Research Lab a few days back, Quick Heal discovered that the Cosmos Bank website was compromised by the RIG Exploit Kit and used as a carrier of the ‘Cerber Ransomware’.
Exploit Kits which have surfaced during the past 10 years are more intelligently designed software kits that runs on the users/victim’s machine and gathers information from the victim’s machine, finds vulnerability, determines the appropriate exploit and delivers it on the machine usually by drive-by-downloads and starts executing the malware.
Quick Heal informed Cosmos Bank on 20th March, 2017 about this incident and had also shared the advisory with Cosmos Bank. It must be noted that Cosmos Bank is not the creator of the ransomware but a victim.
Quick Heal has been constantly monitoring the website since 20th of March, 2017 and according to the latest findings, the Cosmos Bank website may still be infected.
Websites have become easy targets for malware writers to spread malware and it is not uncommon for a website to be compromised by more than one type of malware.
As per the information gathered by Quick Heal labs; malware launched by the RIG Exploit Kit are not focused on any particular website or industry. Such campaign based exploit kits, especially; the RIG Exploit Kit targets individual users.
Sanjay Katkar, MD and CTO of Quick Heal said, “At Quick Heal we constantly monitor the ever evolving threat landscape and analyze the detected threats in our labs. Ransomware remains a major and rapidly growing threat even in 2017. Quick Heal has been actively monitoring the threat landscape for new ransomwares and their propagation techniques as well as the activities of the existing ransomware and has been capturing this data in its quarter and annual threat reports. To take corrective and timely action against it, we have included the ‘Anti Ransomware feature’ in all our offerings.”
According to Quick Heal’s Annual Threat Report 2016, it has been observed that ransomware detections on Windows desktops have gone up by 92 percent from the year before. Reportedly, 14 new Windows ransomware families were discovered in 2016, cementing the fact that ransomware attacks are only increasing.
With increased usage of Android devices, malware targeting them have also grown at an enormous rate. Mobile ransomware on Android platform has clocked a 450 percent increase from Q1 to Q4 in 2016 while mobile banking Trojan has shown a 110 percent rise. It has also been found that detections of almost all the vulnerability types have been higher in 2016 when compared with those in 2015.