New ransomware known as 'Bad Rabbit' in cyber attack

Thursday, 26 Oct, 2017

Adobe's 2020 deadline for the death of Flash can't arrive soon enough.

Steven Malone, Cyber Resilience Expert at Mimecast, says that Bad Rabbit is indeed a variant of NotPetya, since both use the same SMB flaws to spread laterally once inside a network.

It has been dubbed Bad Rabbit, but this ransomware attack is potentially more costly than any swarm of killer bunnies your imagination could conjure up.

Russia's Interfax news agency reported on Twitter that a hacker attack has taken out some of its servers and forced it to rely on its Facebook account for the time being.

"What makes this malware more unsafe than your typical ransomware being distributed in a similar manner is its ability to spread across an organisation as a worm and not just through email attachments or vulnerable web plugins".

The central bank said in a statement it will prepare the tools needed to lessen the possibility of such incidents in the future.

So what is Bad Rabbit?

"While the target is visiting a legitimate website, a malware dropper is being downloaded from the threat actor's infrastructure", according to analysis by Kaspersky Lab.

What must you do to protect your files from Bad Rabbit?

If a person does click on the malicious installer - and given the number of Flash updates issued this is highly probable - their computer locks. If the ransom is not paid within roughly 40 hours, the cost of decrypting the lost data is increased.

BadRabbit uses a legitimate program called DiskCryptor to encrypt data on a victim's hard drive, according to UK security consultant Kevin Beaumont.

Who has it been hitting?

"As businesses in Russian Federation and Ukraine report infections, global companies must look inward and ask themselves - 'Have I done enough?'"

ESET, another security company, has also spotted it in Bulgaria, Japan, and elsewhere.

Russia's Kaspersky Lab cybersecurity company has registered almost 200 attacks with ransomware called BadRabbit across the world, with most of the targets located in the Russian Federation.

Bad Rabbit hit corporate networks in the Russian Federation and Ukraine especially hard, according to multiple reports, and there were isolated reports of infections in Turkey, Bulgaria, Japan, Germany, Poland, South Korea and the United States by Tuesday evening. Those affected have included the Kiev Metro and Odessa airport.

"The use of strategic web compromises and profilers provide guardrails that allow attackers to select targets carefully and halt operations quickly", said FireEye.

Ukraine's state-run Computer Emergency Response Team (CERT) said a new wave of hacks was hitting the country and asked the transport networks to be on particular alert.