'Bad Rabbit' ransomware spreads in Russian Federation and Ukraine

Интерфакс

Networks in Russian Federation and Eastern Europe have been targeted by a new strain of ransomware dubbed 'Bad Rabbit,' a possible variant of the 'Petya' malware that hit computer systems earlier this year.

There is no exploit here, Kaspersky says, so the victim has to manually execute the malware dropper, which is disguised as an installer for Adobe Flash - the file is called install_flash_player.exe.

Dubbed "Bad Rabbit", the virus is the latest example of cybercriminals using ransomware to try to extort money from victims across the globe.

- A module that infects the boot record and produces the ransom message. So far, there's no evidence the attack uses any exploits.

A new strain of ransomware is now making waves across Russian Federation and Ukraine, with many fearful that we will see a repeat of the destruction wrought by WannaCry.

The ransomware has infected Russian websites including news agency Interfax as well as an airport in Ukraine and a metro system in Kiev, and is known to that country's police who are now investigating.

Bad Rabbit has also affected a Ukrainian airport and an underground railway system in Kiev, Ukraine's capital. "As Russia was the origin of the attack, by the time it takes to reach the USA it's a known and blocked attack by signature-based anti-virus, as well as already having been detected by solutions which are not signature-dependent".

Preliminary analysis indicates the malware is professionally developed and incorporates a variety of advanced measures designed to allow it to rapidly infect large government and corporate networks.

Called Bad Rabbit, the malware is thought to be a variant of Petya.

"This could simply be to widen its reach internally for the goal of further encrypting the files of users with elevated privileges, it may be used to hide inside compromised networks, or the ransom itself could be a decoy from the attack's real objective", Gumbs said.

The Bad Rabbit ransomware attack, which affected more than 200 targets in many countries across Europe and demanded ransom in the form of Bitcoin cryptocurrency, may have been carried out by the same hacker group that was behind the Petya (aka NotPetya) ransomware attack at the end of June 2017.

He further said that customers of gateway solutions like Sophos Email Appliance, Sophos Web Appliance, Sophos SG and Sophos XG UTM are able to prevent infection both by using anti-virus identities and through the use of proactive sandboxing technology. The source code contains references to the Game of Thrones dragon characters Drogon, Rhaegal and Viserion. Victims have around 40 hours to make payment, and once the timer runs out, the ransom will increase.

"US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored", US-CERT stated in an alert.

While it's not spreading as widely as attacks like NotPetya and WannaCry, reports have indicated that where it has hit, it has caused severe disruption.

There are still no clues as to who might be behind the attack. Instead it was a basic drive-by-download leveraging compromised websites. Microsoft has provided some useful guidance that network administrators can follow to protect their organizations against Bad Rabbit.
