Quick Heal Technologies Limited has detected that the Cosmos Bank website was compromised with the infamous RIG exploit kit, which was delivering ‘Cerber Ransomware’. The RIG Exploit Kit has been dropping the ‘Cerber Ransomware’ very frequently of late. Quick Heal learnt about the website infection on the Cosmos Bank website while analyzing the telemetry information collected from its own users. After reproducing the threat in its own Threat Research Lab on 20th March, 2017, Quick Heal discovered that the Cosmos Bank website was compromised by the RIG Exploit Kit and used as a carrier of the ‘Cerber Ransomware’. Quick Heal informed Cosmos Bank about this incident on 20th March, 2017 and also shared the advisory with Cosmos Bank. It must be noted that Cosmos Bank is not the creator of the ransomware but a victim.
Quick Heal has been constantly monitoring the website since 20th of March, 2017 and, according to the latest findings (as we share this information), the Cosmos Bank website is still infected.
Websites have become easy targets for malware writers to spread malware, and it is not uncommon for a website to be compromised by more than one type of malware. Exploit kits, which have surfaced during the past 10 years, are more intelligently designed software kits that run on the victim’s machine, gather information from it, find vulnerabilities, determine the appropriate exploit, deliver it to the machine (usually through drive-by downloads) and start executing the malware.
As per the information gathered by Quick Heal labs, malware launched by the RIG Exploit Kit is not focused on any particular website or industry. Such campaign-based exploit kits, especially the RIG Exploit Kit, target individual users.
Sharing an insight into the ‘Cerber Ransomware’ detection, Sanjay Katkar, MD & CTO, Quick Heal Technologies Limited said, “At Quick Heal we constantly monitor the ever evolving threat landscape and analyze the detected threats in our labs. We consider it to be our prime responsibility to create awareness on the threat landscape and alert our customers as well as enterprises in preventing these threats.” He further added, “Ransomware remains a major and rapidly growing threat even in 2017. Quick Heal has been actively monitoring the threat landscape for new ransomwares and their propagation techniques as well as the activities of the existing ransomware and has been capturing this data in its quarter and annual threat reports. To take corrective and timely action against it, we have included the ‘Anti Ransomware feature’ in all our offerings.”
Quick Heal’s ‘Anti-ransomware feature’ uses Quick Heal’s behavior-based detection that analyzes the behavior of programs in real time to detect ransomware activity. This helps in detecting and blocking ransomware. As an added layer of protection, this feature also encompasses the ‘Data Backup and Restore Tool’ to back up the data in a secure location and restore the files in case of a ransomware attack.
The ‘Anti-ransomware feature’ is not exclusive to the Quick Heal product line; it is also an integral feature of all offerings from the ‘Seqrite’ product line. ‘Seqrite’ is Quick Heal’s enterprise security solutions brand. ‘Seqrite’ products are designed to simplify security management across endpoints, mobile devices, servers and networks.
According to Quick Heal’s Annual Threat Report 2016, ransomware detections on Windows desktops have gone up by 92% from the year before. Reportedly, 14 new Windows ransomware families were discovered in 2016, cementing the fact that ransomware attacks are only increasing. With increased usage of Android devices, malware targeting them has also grown at an enormous rate. Mobile ransomware on the Android platform has clocked a 450% increase from Q1 to Q4 in 2016, while mobile banking Trojans have shown a 110% rise. It has also been found that detections of almost all the vulnerability types were higher in 2016 when compared with those in 2015.
About Quick Heal Technologies Limited
Quick Heal Technologies Limited is one of the leading providers of security software products and solutions in India. Incorporated in 1995 with a registered office in Pune, Quick Heal has over 1,350 employees and a network of over 17,000 channel partners as on 31st December 2016. It conducts sales and marketing activities out of 64 offices and warehouses across 36 cities in India, and through its subsidiaries in Japan, Dubai and Kenya.
Quick Heal’s portfolio includes solutions under the widely recognized brand names ‘Quick Heal’ and ‘Seqrite’ across various operating systems and devices. Since its incorporation, more than 24.5 million licenses of Quick Heal’s products have been installed and Quick Heal has over 7.6 million active licenses spread across more than 80 countries as on 31st December, 2016.