On October 24th, mass attacks with a ransomware called Bad Rabbit were observed. It has been targeting organizations and consumers, mostly in Russia, but there have also been reports of victims in Ukraine.

Here’s what a ransom message looks like for the unlucky victims:


What is Bad Rabbit?

Bad Rabbit is a previously unknown ransomware family.

How is Bad Rabbit distributed?

The ransomware dropper was distributed with the help of drive-by attacks. While the target is visiting a legitimate website, a malware dropper is downloaded from the threat actor’s infrastructure. No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. However, our analysis confirmed that Bad Rabbit uses the EternalRomance exploit as an infection vector to spread within corporate networks. The same exploit was used in ExPetr.

We’ve detected a number of compromised websites, all of which were news or media websites.
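As an added illustration (not part of the original post), here is a small proxy-log triage that flags executable downloads named like a Flash installer but served from somewhere other than adobe.com, and records the referring site so that compromised news or media sites can be identified. The log format, host names and file names below are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed proxy log lines for this example (not from the original page).
# Space-separated fields: timestamp client_ip referer_url requested_url content_type
SAMPLE_LOG = """\
2017-10-24T09:12:01Z 10.1.2.3 http://news.example.net/story/1 https://get.adobe.com/flashplayer/install_flash_player.exe application/x-msdownload
2017-10-24T09:13:44Z 10.1.2.4 http://news.example.net/story/1 http://update-cdn.example.invalid/flash_install.php application/x-msdownload
2017-10-24T09:14:02Z 10.1.2.4 http://news.example.net/story/1 http://news.example.net/css/site.css text/css
2017-10-24T09:15:17Z 10.1.2.5 - http://mirror.example.org/tools/setup.exe application/x-msdownload
2017-10-24T09:16:40Z 10.1.2.6 http://media.example.com/video https://mirror.example.invalid/install_flash_player.exe application/octet-stream
"""

# MIME types commonly used for Windows executables (assumed list for the example)
EXE_TYPES = {"application/x-msdownload", "application/x-dosexec"}
FLASH_NAME = re.compile(r"flash", re.IGNORECASE)


def _is_adobe_host(host: str) -> bool:
    """Genuine Flash installers come from adobe.com; anything else is suspect."""
    host = host.lower()
    return host == "adobe.com" or host.endswith(".adobe.com")


def find_fake_flash_installers(log_text: str) -> list[dict]:
    """Return downloads that look like Flash installers but are not served by Adobe."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, referer, url, ctype = line.split()
        parsed = urlparse(url)
        # Executable by content type or by a .exe path, and named like Flash
        looks_exe = ctype in EXE_TYPES or parsed.path.lower().endswith(".exe")
        if not (looks_exe and FLASH_NAME.search(parsed.path)):
            continue
        if _is_adobe_host(parsed.hostname or ""):
            continue
        findings.append({
            "time": ts,
            "client": client,
            "download_host": parsed.hostname,
            "url": url,
            # The referer shows which (possibly compromised) site sent the user here
            "referer_host": urlparse(referer).hostname if referer != "-" else None,
        })
    return findings


if __name__ == "__main__":
    for f in find_fake_flash_installers(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} fetched {f['url']} via {f['referer_host']}")
```

Referer hosts that recur across many flagged clients are the candidates to check for injected download links.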

Who does it target?

Most of the targets are located in Russia. Similar but fewer attacks have also been seen in other countries – Ukraine, Turkey and Germany. Overall, there are almost 200 targets, according to the KSN statistics.

Since when does Kaspersky Lab detect the threat?

Kaspersky Lab has been proactively detecting the original attack vector since it began on the morning of October 24. The attack lasted until midday, although ongoing attacks were detected at 19.55 Moscow time. The server from which the Bad Rabbit dropper was distributed went down in the evening (Moscow time).

How is it different from ExPetr? Or is it the same malware?

Our observations suggest that this has been a targeted attack against corporate networks, using methods similar to those used during the ExPetr attack. What’s more, the code analysis showed a notable similarity between the code of the ExPetr and Bad Rabbit binaries.


For more information, please visit https://securelist.com/bad-rabbit-ransomware/82851/
