
RIG Exploit Kit

Posted: June 27, 2014

Threat Metric

Ranking: 4,346
Threat Level: 1/10
Infected PCs: 178
First Seen: June 27, 2014
Last Seen: October 8, 2021
OS(es) Affected: Windows

The RIG Exploit Kit is an online threat that uses software exploits, including ones that may take advantage of Netflix users specifically, to install threats onto victims' computers. Most exploit kit attacks may be modified to include different payloads, but the RIG Exploit Kit is particularly associated with the distribution of ransomware, which encrypts files and attempts to defraud the PC's user. Compromised advertising networks and other websites are the RIG Exploit Kit's main vehicle for distribution, and using anti-script and anti-advertising features, in combination with other PC security solutions, should be adequate protection from its attacks.

The Exploit Kit that Drills into Your Files to Mine Your Wallet

Exploit kits are one of the central and recurring components of the threat industry, doing the humble work of installing threatening software, whether or not the PC user at the other end of the attack has given his consent. The RIG Exploit Kit is one of the newest examples of these PC threats, and is currently used to distribute CryptoWall, a file encryptor Trojan that may modify files to make them unusable and then demand a fee before it will return them to normal. Like similar attacks, CryptoWall also may add time pressure by claiming to delete the pertinent information if the victim ignores its deadline for the payment, although malware experts have not verified this behavior.

The RIG Exploit Kit may distribute CryptoWall through compromised advertising networks and especially targets the Silverlight platform, but also may exploit other avenues of attack like Flash or Java. Malware researchers also have seen CryptoWall distributed in attacks that don't use the RIG Exploit Kit, such as one particularly noteworthy case of a Durham police department network whose compromise is traceable to a breach of e-mail safety protocols.

As with all file encryptors and other types of ransomware, paying the associated fee is not the recommended response. Instead, using remote backups to restore your files, along with anti-malware tools to delete CryptoWall, should be a sufficient and much cheaper solution.

Taking the Exploits out of Your Web Browser Before Trojans Take Money out of Your Wallet

The RIG Exploit Kit's current infrastructure may use a range of different technical defenses against analysis, including piggybacking on legitimate (but hacked) domains and refusing to load repeatedly for the same IP address. However, none of these defenses should prevent the RIG Exploit Kit from being blocked by traditional browser security methods, which should include:

  • Using persistent anti-malware tools that can detect browser-based threats.
  • Using browser settings or add-ons that force any scripts to request permission to launch.
  • Using advertisement-blocking solutions.
  • Updating Java, Flash and other, equally vulnerable products, which will lower the number of exploitable security flaws.
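
To act on the last item, the following PowerShell inventories the plug-in runtimes this page names (Silverlight, Flash, Java) from the Windows uninstall registry keys, so each can be updated or removed. It is an added example, not part of the original article; the function name and the display-name patterns are assumptions and may need adjusting for a given environment.

```powershell
# Added example: list installed Silverlight, Flash and Java runtimes.
# Assumption: these regex patterns match the vendors' usual DisplayName
# strings. The Java pattern is anchored so it does not match unrelated
# software with "JavaScript" in its name.
$patterns = 'Silverlight', 'Flash Player', '^Java(\(TM\))?\s'

# Per-machine and per-user uninstall locations. WOW6432Node holds
# 32-bit software on 64-bit Windows, where old plug-ins often live.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-PluginInventory {
    param(
        [string[]]$NamePatterns,
        [string[]]$RegistryPaths
    )

    Get-ItemProperty -Path $RegistryPaths -ErrorAction SilentlyContinue |
        Where-Object {
            # Skip entries without a display name, then keep any entry
            # whose name matches at least one pattern.
            $name = $_.DisplayName
            $name -and ($NamePatterns | Where-Object { $name -match $_ })
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName, DisplayVersion -Unique
}

$found = Get-PluginInventory -NamePatterns $patterns -RegistryPaths $uninstallKeys

if ($found) {
    # Several versions of the same runtime can be installed side by side;
    # every row here needs updating or uninstalling, not just the newest.
    $found | Format-Table -AutoSize
} else {
    'No Silverlight, Flash or Java installations found in the uninstall keys.'
}
```

The script only reports what is registered as installed; compare each reported version against the vendor's current release, and uninstall any runtime that is no longer needed.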

For all of the risk that the RIG Exploit Kit represents to the files on any PC, its attacks are symptomatic of criminals' continued reliance on proven means of thwarting security to make a profit. As a result, malware experts continue to advise all readers to use the same forms of protection that would be equally effective against other exploit kit-based attacks.
