‘Burrp’, a popular local food and restaurant recommendation website based in India, has been compromised to redirect visitors to the notorious Angler Exploit Kit, according to security solution provider Norton.
In a press release, Norton said, “Burrp was compromised to redirect users to the Angler exploit kit (EK) in order to deliver the TeslaCrypt ransomware. Cyber criminals took over users’ computers and encrypted their files. They also demanded a ransom for decrypting the files.”
“The site has been sending users to the exploit kit since the beginning of February. Symantec notified Burrp of the compromise and the company has stated that it is working to resolve the issue. Most of the users who have been impacted by this attack are based in the US and India,” Norton further added.
Cybercriminals regularly use exploit kits to find vulnerabilities in systems and infect users with malware. An exploit kit gives cyber criminals a channel to communicate with your system and feed it code that includes different types of commands. These kits are big money in the underground economy, and one of the most notorious among them is the Angler Exploit Kit.
The script then sends a POST request to the same remote location. The response to this request includes a file that redirects users to the Angler exploit kit landing page.
If the exploit succeeds, then the TeslaCrypt payload is dropped onto the computer. If the exploit doesn’t work, then the kit drops another file with a different type of exploit to download TeslaCrypt onto the computer.
Once TeslaCrypt arrives, it writes an executable file to memory, which carries the Trojan’s main functionality. The Trojan then drops the ransom message into every folder with encrypted files. This notice demands that the user pay in bitcoins to obtain the decryption key and restore their data.
According to Norton, the best way for users to avoid infection from these types of attacks is to take preemptive actions such as keeping the operating system and other software updated.
Security software such as Norton can also help, and it needs to be updated regularly.
Users should also regularly back up files stored on their devices.
If you suspect that a site you use has been compromised, notify the site’s administrator as soon as possible to prevent the attack from spreading further.