Bad Rabbit : A New Ransomware Outbreak is on the rise

As you may see many of the ransomware outbreak in the last couple of years but this year two ransomware hit cyber world on a very large scale and became one of the very infamous ransomware of the decade i.e. “WannaCry” and “ExPetr” (which is also known as Petya and NotPetya). It looks like very soon a third attack is in the queue. The new malware is known as Bad Rabbit Ransomware, which is a name that has been indicated by the Darknet website linked in the ransom note.

Bad Rabbit ransomware

In the latest investigation report it is revealed that the Bad Rabbit ransomware has been significantly infected some of the Russian media outlets along with the Interfax news agency and Fontanka.ru are some of the confirmed affected victims of the ransom malware. Recently a new attack has been noticed on the Odessa International Airport on its information system. But it is not clear that it is independent from this or the same. The malware developers behind the attacks of Bad Rabbit ransomware are demanding 0.05 Bitcoins (equals to $280) as a ransom money from the victims.

How Does The Bad Rabbit Comes Inside Of System?

According to Malware experts, Bad Rabbit follows a drive-by-attack to download a fake Adobe Flash Player updater installer using suspicious websites and launch the .exe file manually after successful installation on the compromised system. Our researchers have discovered a number of compromised websites, all news or media sites. According to a most recent research, most of the victims of the attacks are located in Russia. We have also seen several similar attacks, but less, in Ukraine, Turkey and Germany. The ransomware infected devices through a series of hacked Russian media sites. Based on our research, it is a targeted attack on corporate networks using methods similar to those used in the ExPetr attack.

According to some of the system security experts that they have collected enough evidence that their a strong link between the Bad Rabbit and the ExPetr attack that has been spotted in June of the this ongoing year. According to analysis some of the same malicious codes of ExPetr has been used into the Bad Rabbit ransomware. Some more similar things are like same list of infected domains used for the drive-by-attacks and the same mechanism is used to spread the malware to the Corporate networks by using Windows Management Instrumentation Command line (WMIC) to infect system. There is a difference that the Bad Rabbit ransomware does not uses EternalBlue exploit unlinke ExPetr but it literally uses EternalRomance exploit to spread on the local networks.

How Bad Rabbit Works On The Infected Computers?

In a latest malware report, it is revealed that there is the same culprit behind both of the attacks that the malware hackers preparing the Bad Rabbit ransomware attack in July 2017 or even earlier attack. Bad Rabbit does not acts like a wiper like ExPetr. It is just a ransomware which encrypts files and install a modified bootloader, and restrict the PC from manual booting. Unluckily, experts said that decryption of files looks impossible to get back encrypted files without having a proper encryption key. So you need a good backup of files to restore damaged one.

Some of the detected aliases of the Bad Rabbit ransomware

  • Trojan-Ransom.Win32.Gen.ftl
  • Trojan-Ransom.Win32.BadRabbit
  • DangerousObject.Multi.Generic
  • PDM:Trojan.Win32.Generic
  • Win.CVE-2017-0147

Leave a Comment

Your email address will not be published. Required fields are marked *