Quick Heal Detects ‘Cerber Ransomware’ delivered from an Indian Bank’s website
Quick Heal Technologies Limited has detected that the Cosmos Bank website was compromised with the infamous RIG exploit kit, which was delivering ‘Cerber Ransomware’. The RIG Exploit Kit has been dropping the ‘Cerber Ransomware’ very frequently of late. Quick Heal learnt about the infection on the Cosmos Bank website while analyzing the telemetry information collected from its own users. After reproducing the threat in its own Threat Research Lab on 20th March, 2017, Quick Heal discovered that the Cosmos Bank website was compromised by the RIG Exploit Kit and used as a carrier of the ‘Cerber Ransomware’. Quick Heal informed Cosmos Bank about this incident on 20th March, 2017 and also shared the advisory with Cosmos Bank. It must be noted that Cosmos Bank is not the creator of the ransomware but a victim.
Quick Heal has been constantly monitoring the website since 20th of March, 2017 and according to the latest findings (as we share this information), the Cosmos Bank website is still infected.
Websites have become easy targets for malware writers to spread malware, and it is not uncommon for a website to be compromised by more than one type of malware. Exploit Kits, which have surfaced during the past 10 years, are more intelligently designed software kits that run on the user’s/victim’s machine, gather information from it, find a vulnerability, determine the appropriate exploit and deliver it to the machine, usually through drive-by downloads, and then start executing the malware.