'Bad Rabbit' Ransomware Strikes Russia, Ukraine, Turkey, Germany

Thursday, 26 Oct, 2017

"They're moving real quick and we need to be agile enough to defend against that sort of thing", Davis said of bad actors seeking to spread ransomware.

Dubbed "Bad Rabbit", the virus is the latest example of cybercriminals using ransomware to try to extort money from victims across the globe.

The ransomware creators demand a ransom of 0.05 bitcoin (~$280) from victims to unlock their systems.

The UK National Cyber Security Centre said it is a matter for the victim whether to pay the ransom, but encourages industry and the public not to pay. Interfax was forced to publish to its Facebook page during the outage, since its servers were taken offline for a number of hours.

A fresh cyber attack, blamed on ransomware, has seen computers go down in Russia, Ukraine, Germany and Turkey.

Officials said Bad Rabbit is a variant of Petya, a family of encrypting ransomware that emerged last year.

"We have identified the domain name from which the virus was spread, and there are five other resources associated with this domain name and IP address", he said.

As for who was affected, Malwarebytes Labs said that there were initial impacts in Russia, Ukraine, Turkey, Bulgaria, and Germany, with attacks centred on targets as wide-ranging as infrastructure, transportation, and media outlets.

Costin Raiu, director of a global research team at Kaspersky, said Bad Rabbit was launched through "an elaborate network of hacked websites", with a link to NotPetya.

In June, ESET tied the NotPetya ransomware campaign to a cyber-espionage group named TeleBots, previously known for attacking Ukraine's power grid in December 2015 and December 2016.

Speaking to SmartCompany, Michael McKinnon, practice manager at Melbourne-based ethical hacking company HackLabs, says Bad Rabbit has all the indications of an "old-school attack", specifically referring to the infection point relying on human interaction and error over standalone system exploits.

"Based on our investigation, this is a targeted attack against corporate networks, using methods similar to those used in the ExPetr attack", Kaspersky said. The source code contains references to the Game of Thrones dragon characters Drogon, Rhaegal and Viserion.

Considering that most antivirus software has been unable to detect Bad Rabbit so far, following these suggestions would help you protect your device and the data within until your antivirus provider brings in new patches to plug the threat.

Cybereason researchers Amit Serper and Mike Iacovacci have claimed to have developed a way to prevent Bad Rabbit from infecting a machine.

A new, potentially virulent wave of data-encrypting malware is sweeping through Eastern Europe and has left a wake of outages at news agencies, train stations, and airports, according to multiple security companies on Tuesday.

Adobe told the Journal that the attack does not use an actual Flash update to deliver the payload. The dropper is downloaded by users when they visit infected websites and appears as a Flash Player installer (install_flash_player.exe). The program just pretends to be Flash to fool people into downloading it.