Group-IB identified source of Bad Rabbit virus spread

Bad Rabbit Ransomware Attack Is On The Rise — Here's What You Need To Know

"There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete", explained Wisniewski.

Hackers are using fake Adobe Flash updates to install the Bad Rabbit ransomware on computers and are demanding 0.05 Bitcoin as ransom. It is not yet clear whether it is related to ExPetr, Kaspersky says. "While reports indicate Bad Rabbit is affecting networks primarily in Russian Federation and eastern Europe, we know how easily malware can jump from one host to another".

In this instance, the malware is disguised as an Adobe Flash installer. However, analysts are still investigating whether "Bad Rabbit" is in any way linked to "NotPetya".

Bad Rabbit's ability to spread across networks may remind some readers of the infamous EternalBlue exploit, which the Shadow Brokers dropped earlier this year from their exclusive NSA kit and which has been used in multiple ransomware and malware strains. Bad Rabbit, however, does not use this particular exploit.

A fresh cyber attack, blamed on ransomware, has seen computers go down in Russia, Ukraine, Germany and Turkey.

This is why some experts are now looking at the theory that the ransomware outbreak was actually a cover to mask other more sinister attacks.

It spreads by pretending to be a Flash update, and is full of hidden "Game of Thrones" references. So far, the threat has affected more than 200 major organizations, mainly in Russia, Ukraine, Germany, Japan, and Turkey, in a few hours. Researchers at Cisco Talos say Bad Rabbit also has a trick in its hat: an SMB component that allows it to move laterally across an infected network and propagate without user interaction. This was reported by TASS, quoting general director and main owner of the company Ilya Sachkov. "Our researchers have detected a number of compromised websites, all news or media sites". "Overall, there are nearly 200 targets, according to the KSN statistics". The US Department of Homeland Security issued a warning Tuesday on Bad Rabbit.

Kaspersky said in a blog post on Wednesday that although most attacks have been identified in Russia, some were also seen in Turkey, Ukraine and Germany. So far the main way devices are infected is through a drive-by attack, that is, by visiting a compromised Web site whose HTML code or a .js file has been injected with malicious JavaScript. If a user doesn't help the process along by installing the fake Flash update, the malware remains benign and does not wreak the devastation it has across the region. Through the ransomware, the hackers make files unavailable to users and, as a result, disrupt operations.

The security firms say the malware is similar to Petya, which hit dozens of countries earlier in 2017.

The analysis found the ransomware exploits the Server Message Block (SMB) protocol, which was also seen in NotPetya.
