Quick Heal identifies "Cerber Ransomware" delivered from Cosmos Bank's website
Quick Heal has detected that the Cosmos Bank website was compromised with the infamous RIG exploit kit which was delivering “Cerber Ransomware”. The RIG Exploit Kit has been dropping the “Cerber Ransomware” very frequently, of late. Quick Heal learnt about the infection on Cosmos Bank website while analyzing the telemetry information collected from its own users. After reproducing the threat in its own Threat Research Lab on 20th March, 2017, Quick Heal discovered that the Cosmos Bank website was compromised by the RIG Exploit Kit and used as a carrier of the “Cerber Ransomware”. Quick Heal has informed Cosmos Bank on 20th March, 2017 about this incident and had also shared the advisory with Cosmos Bank.
Quick Heal has been constantly monitoring the website since 20th March, 2017 and, according to the latest findings, the Cosmos Bank website is still infected.
Exploit Kits which have surfaced during the past ten years are more intelligently designed software kits that runs on the users/victim’s machine and gathers information from the victim’s machine, finds vulnerability, determines the appropriate exploit and delivers it on the machine usually by drive-by-downloads and starts executing the malware.
Sanjay Katkar, MD & CTO, Quick Heal Technologies, said, “At Quick Heal, we constantly monitor the ever-evolving threat landscape and analyze the detected threats in our labs. We consider it to be our prime responsibility to create awareness on the threat landscape and alert our customers as well as enterprises in preventing these threats.” He further added, “Ransomware remains a major and rapidly-growing threat even in 2017. Quick Heal has been actively monitoring the threat landscape for new ransomwares and their propagation techniques as well as the activities of the existing ransomware and has been capturing this data in its quarter and annual threat reports. To take corrective and timely action against it, we have included the ‘Anti Ransomware feature’ in all our offerings.”
Quick Heal’s “Anti-ransomware feature” uses Quick Heal’s behaviour-based detection that analyzes the behaviour of programs in real time to detect ransomware activity. This helps in detecting and blocking ransomware. As an added layer of protection, this feature also encompasses the “Data Backup and Restore Tool” to back up the data in a secure location and restore the files in case of a ransomware attack.
The “Anti-ransomware feature” is not exclusive to the Quick Heal product line only, but is also an integral feature of all offerings from the “Seqrite” product line.
According to Quick Heal’s Annual Threat Report 2016, it has been observed that ransomware detections on Windows desktops have gone up by 92% from the year before. Reportedly, 14 new Windows ransomware families were discovered in 2016, cementing the fact that ransomware attacks are only increasing. With the increased usage of Android devices, malware targeting them have also grown at an enormous rate. Mobile ransomware on Android platform has clocked a 450% increase from Q1 to Q4 in 2016, while mobile banking Trojan has shown a 110% rise. It has also been found that detections of almost all the vulnerability types have been higher in 2016 when compared with those in 2015.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.