The "Bad Rabbit" Ransomware on the loose

Another ransomware attack is now spreading across Europe under the "Bad Rabbit" moniker. It was first detected in Russia and Ukraine, but as of Tuesday evening infections had been reported in Turkey, Bulgaria, Japan, Germany, Poland, South Korea and the United States.

Security researchers, including Kaspersky and ESET, have identified ties between the malware and NotPetya or WannaCry, as it uses methods similar to those used in the WannaCry attack.

The Bad Rabbit ransomware requires the victim to download and execute a bogus Adobe Flash installer file, which it leverages to infect the system.

The infection is initiated when a network user runs a phony Adobe Flash Player installer posted on the attackers' website (the initial infections came from Russian-language news sites only); from that first machine the Bad Rabbit malware enters the enterprise network.

Once it has infected the initial machine in a network, Bad Rabbit uses the open-source tool Mimikatz to find any login credentials stored on the machine, then tries to use those credentials to spread to other machines on the network.
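The credential-reuse spread described above leaves a characteristic trace: one source host authenticating with one account to many different hosts in a short window. The following detector is an added example, not code from the original post or from any of the researchers cited; it runs over constructed, simplified logon records (timestamp, source host, account, destination host) and flags that fan-out pattern.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of simplified network-logon records (hypothetical host
# and account names, not real Bad Rabbit telemetry):
# timestamp  source_host  account  destination_host
SAMPLE_LOGONS = """\
2017-10-24T14:01:02 WS-017 corp\\svc_backup FS-01
2017-10-24T14:01:05 WS-017 corp\\svc_backup FS-02
2017-10-24T14:01:09 WS-017 corp\\svc_backup HR-03
2017-10-24T14:01:12 WS-017 corp\\svc_backup WS-042
2017-10-24T14:01:15 WS-017 corp\\svc_backup WS-043
2017-10-24T14:30:00 WS-021 corp\\jdoe FS-01
2017-10-24T15:10:00 WS-021 corp\\jdoe FS-02
"""

def parse_logons(text):
    """Parse one whitespace-separated record per line into tuples."""
    records = []
    for line in text.splitlines():
        ts, src, account, dst = line.split()
        records.append((datetime.fromisoformat(ts), src, account, dst))
    return records

def detect_fan_out(records, window=timedelta(minutes=5), threshold=4):
    """Flag (source, account) pairs that reach at least `threshold` distinct
    destination hosts inside any `window`-long span. A single account that
    suddenly logs on to many machines from one host is the lateral-movement
    signature a harvested credential produces. Returns a sorted list of
    (source_host, account, distinct_host_count)."""
    by_pair = defaultdict(list)
    for ts, src, account, dst in records:
        by_pair[(src, account)].append((ts, dst))
    alerts = []
    for (src, account), events in by_pair.items():
        events.sort()  # chronological order for the sliding window
        start, best = 0, 0
        for end in range(len(events)):
            # Advance the window start until it fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            best = max(best, distinct)
        if best >= threshold:
            alerts.append((src, account, best))
    return sorted(alerts)
```

In the sample, WS-017 reaches five hosts with one account in 13 seconds and is flagged, while the two logons from WS-021 spread over 40 minutes are not.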

The victims are directed to a .onion Tor domain where they are asked to pay 0.05 Bitcoin, roughly $276 USD, in exchange for their data.

However, infected victims have been advised not to pay the ransom, as there is no guarantee they will get their data back, and refusing to pay also discourages future ransomware attacks.