Cosmos Bank’s website compromised by ‘Cerber Ransomware’: Quick Heal Report

Quick Heal Technologies Limited has detected that the Cosmos Bank website was compromised with the infamous RIG exploit kit which was delivering ‘Cerber Ransomware’. The RIG Exploit Kit has been dropping the ‘Cerber Ransomware’ very frequently, off late. Quick Heal learnt about the infection on Cosmos Bank website while analyzing the telemetry information collected from its own users. After reproducing the threat in its own Threat Research Lab. on 20th March, 2017, Quick Heal discovered that the Cosmos Bank website was compromised by the RIG Exploit Kit and used as a carrier of the ‘Cerber Ransomware’. Quick Heal has informed Cosmos Bank on 20th March, 2017 about this incident and had also shared the advisory with Cosmos Bank. It must be noted that Cosmos Bank is not the creator of the ransomware but a victim.

Quick Heal has been constantly monitoring the website since 20th of March, 2017 and according to the latest findings (as we share this information), the Cosmos Bank website is still infected.

Websites have become easy targets for malware writers to spread malware and it is not uncommon for a website to be compromised by more than one type of malware. Exploit Kits which have surfaced during the past 10 years are more intelligently designed software kits that runs on the users/victim’s machine and gathers information from the victim’s machine, finds vulnerability, determines the appropriate exploit and delivers it on the machine usually by drive-by-downloads and starts executing the malware.

As per the information gathered by Quick Heal labs; malware launched by the RIG Exploit Kit are not focused on any particular website or industry. Such campaign based exploit kits, especially; the RIG Exploit Kit targets individual users.

Sharing an insight into the ‘Cerber Ransomware’ detection,Sanjay Katkar, MD & CTO, Quick Heal Technologies Limited said; “At Quick Heal we constantly monitor the ever evolving threat landscape and analyze the detected threats in our labs. We consider it to be our prime responsibility to create awareness on the threat landscape and alert our customers as well as enterprises in preventing these threats.” He further added; “Ransomware remains a major and rapidly growing threat even in 2017. Quick Heal has been actively monitoring the threat landscape for new ransomwares and their propagation techniques as well as the activities of the existing ransomware and has been capturing this data in its quarter and annual threat reports. To take corrective and timely action against it, we have included the ‘Anti Ransomware feature’ in all our offerings.”

Quick Heal’s ‘Anti-ransomware feature’ uses Quick Heal’s behavior-based detection that analyzes the behavior of programs in real time to detect ransomware activity. This helps in detecting and blocking ransomware. As an added layer of protection, this feature also encompasses the ‘Data Backup and Restore Tool’ to back up the data in a secure location and restore the files in case of a ransomware attack.

The ‘Anti-ransomware feature’ is not exclusive to the Quick Heal product line only, but is also an integral feature of all offerings from the ‘Seqrite’ product line. ‘Seqrite’ is Quick Heal’s enterprise security solutions brand. ‘Seqrite’ products are designed to simplify security management across endpoints, mobile devices, servers and networks.

According to Quick Heal’s Annual Threat Report 2016, it has been observed that ransomware detections on Windows desktops have gone up by 92% from the year before. Reportedly, 14 new Windows ransomware families were discovered in 2016, cementing the fact that ransomware attacks are only increasing. With increased usage of Android devices, malware targeting them have also grown at an enormous rate. Mobile ransomware on Android platform has clocked a 450% increase from Q1 to Q4 in 2016 while mobile banking Trojan has shown a 110% rise. It has also been found that detections of almost all the vulnerability types have been higher in 2016 when compared with those in 2015.

Related posts

Canon India with JIM enhances its Training Program Under Skill India Initiative


IFS to acquire Copperleaf


Navigating the Deepfakes Challenge with Proactive measures