Bad Rabbit: New ransomware strikes computers in Eastern Europe and other countries


Dubbed "Bad Rabbit", the virus is the latest example of cyber criminals using ransomware to extort cash - here's everything you need to know.

A major ransomware attack is hitting computers in the Russian Federation and Ukraine, bearing similarities to the NotPetya outbreak that caused billions of dollars of damage in June.

Computers infected with Bad Rabbit display a ransom message asking for 0.5 bitcoins, or about $275, to have their systems decrypted and returned to normal. A new ransomware, Bad Rabbit locks up files and demands a ransom, but experts warn victims not to pay, as they probably won't get access to their data anyway.

On 24 October 2017, Interfax tweeted: "Due to hacker attack Interfax servers failed". Much like this year's NotPetya incident, the initial wave of infections is mostly hitting the Russian Federation and Ukraine, though instances have appeared in Turkey, Germany, Bulgaria, and other countries. Cybersecurity firm ESET also identified cases of Bad Rabbit in Japan and Bulgaria. There have also been reports of the virus hitting Poland and South Korea.

The Ukraine-focused ExPetr attack, also known as NotPetya, was the second significant ransomware outbreak of the year, in the wake of the infamous WannaCry ransomware which brought the NHS to its knees. "Most of the detections are in Russian Federation and Ukraine, however, also there are reports of computers in Turkey, Bulgaria and other countries are affected", ESET, one of the security firms monitoring the outbreak, has said. What we do know so far is that the attackers are demanding payment of 0.05 bitcoin, now worth £213.

Adam Meyers, VP of intelligence at CrowdStrike, says it's likely the malicious actors behind NotPetya are also responsible for Bad Rabbit. Users are prompted to install the malware, which is disguised as Adobe Flash Player. It serves as a reminder that people should never download apps or software from pop-up advertisements or websites that don't belong to the software company.

After it has infected the initial machine in a network, Bad Rabbit uses the open-source tool Mimikatz to find any login credentials stored on the machine, then tries to use those credentials to spread to other machines.

"Some might say - why after WannaCry and NotPetya are systems still unpatched?"

It's not clear who's behind the outbreak, but the cybercriminals appear to be "Game of Thrones" fans. "Some of the strings used throughout the code are the names of different characters from this series (e.g. Grey Worm, Drogon)". United States officials, meanwhile, stated that reports of Bad Rabbit had been received from "many countries around the world".

Security researchers reported that they have found a brand new strain of malware called Bad Rabbit. So far there have been only two payments to one of the Bitcoin wallets, earning the attackers around $500, suggesting that this is not as fruitful as other campaigns. This is a fairly uncommon method of malware distribution.