Bad Rabbit ransomware sweeps across the Russian Federation and Europe

Ukraine was the chief victim of a major cyberattack earlier this year

U.S. and Russian cyber-security experts said the computer virus had also reached Turkey and Bulgaria, in addition to Germany and a few other countries, but that its size still appeared to be relatively small.

"This ransomware has infected devices through a number of hacked Russian media websites." A previous, widespread ransomware outbreak, dubbed both Petya and NotPetya, hit multiple targets in Ukraine in June, then infected entire companies around the globe, including shipping giant Maersk and the global pharmaceutical company Merck.

"Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the (NotPetya) attack", Kaspersky Lab said in a statement.

Kaspersky Lab's products detect the attack with the following verdicts: UDS:DangerousObject.Multi.Generic (detected by Kaspersky Security Network) and PDM:Trojan.Win32.Generic (detected by System Watcher).

There's a nasty new strain of ransomware spreading in Europe called "Bad Rabbit".

Bad Rabbit, a ransomware infection thought to be a new variant of Petya, has apparently hit a number of organisations in the Russian Federation and Ukraine.

So far there haven't been any attacks seen in the UK. Russian forensics firm Group IB said Bad Rabbit has infected two other Russian media outlets besides Interfax.

Preliminary analysis indicates the malware is professionally developed and incorporates a variety of advanced measures designed to allow it to rapidly infect large government and corporate networks.

There were also some indications that Bad Rabbit uses the NSA's EternalBlue tool, used by both NotPetya and the WannaCry ransomware worm that spread in May, to spread through a local network, although other reports disputed that and said Bad Rabbit simply used stolen passwords to spread.

While researchers have linked Bad Rabbit to NotPetya's creators, it isn't spread in the same way.

Officials said Bad Rabbit is a variant of Petya, a family of encrypting ransomware that emerged last year.

Once Bad Rabbit infects a computer, it displays a message in orange letters on a black background.

Again, Bad Rabbit asks for a 0.5-bitcoin ransom, but whether paying it actually results in recovery of files remains to be determined.

ESET experts said that the payment website is hosted on the Tor network, and that the ransom note provides instructions for making the payment while displaying a countdown of 40 hours before the price of decryption increases.

It is understood the ransomware was distributed with the help of drive-by attacks. It's not yet known what happens if targets pay the ransom in an attempt to restore their data. It also remains unclear who is behind the attack.
