“Bad Rabbit” Ransomware: What the New Attack Is and How It Hits Data
A new ransomware worm dubbed “Bad Rabbit” began spreading across the world on Tuesday (Oct. 24), and it appeared to be a much-modified version of the NotPetya worm that hit eastern Europe in June. The malware has affected systems at three Russian websites, an airport in Ukraine and the underground railway in the capital city, Kiev. The cyber-police chief in Ukraine confirmed to the Reuters news agency that Bad Rabbit was the ransomware in question. It bears similarities to the WannaCry and Petya outbreaks earlier this year.
However, it is not yet known how far this new malware will be able to spread. “In some of the companies, the work has been completely paralysed – servers and workstations are encrypted,” Ilya Sachkov, head of Russian cyber-security firm Group-IB, told the TASS news agency. Two of the affected sites are Interfax and Fontanka.ru. Meanwhile, US officials said they had “received multiple reports of Bad Rabbit ransomware infections in many countries around the world”. The US Computer Emergency Readiness Team said it “discourages individuals and organisations from paying the ransom, as this does not guarantee that access will be restored”.
How “Bad Rabbit” Attacks
The Bad Rabbit malware enters an enterprise network when a user on the network runs a phony Adobe Flash Player installer posted on a hacked website. (Flash Player, both real and fake, is a favorite cybercriminal tool.) The initial infections came from Russian-language news sites, one of which seemed to have been actively infecting visitors even as it reported on the malware outbreak. Some reports said websites based in Denmark, Turkey and Ireland had also been corrupted with the fake Flash installer. After it has infected the initial machine in a network, Bad Rabbit uses the open-source tool Mimikatz to find any login credentials stored on the machine, then tries to use those credentials to spread to other machines.
There were also some indications that Bad Rabbit uses the NSA’s EternalBlue tool, used by both NotPetya and the WannaCry ransomware worm that spread in May, to spread through a local network, although other reports disputed that and said Bad Rabbit simply used stolen passwords to spread. Once it has spread as far as it can through a network, Bad Rabbit encrypts all files of commonly used Office, image, video, audio, email and archive file types on infected Windows machines, using the open-source DiskCryptor utility, and posts a ransom note. The victim is instructed to send 0.05 bitcoin (about $280) to a specific Bitcoin wallet.
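As an added illustration that is not part of the original article, the following Python correlates the stages described above (a fake Flash installer run from a browser download, credential harvesting with Mimikatz, reuse of harvested accounts to start processes on other hosts, and a DiskCryptor-style encryptor) over constructed process-creation events. The host names, account names, file paths and the assumption that DiskCryptor components keep a name containing “dcrypt” are all made up for the example.

```python
from collections import defaultdict

# Constructed process-creation events in time order (not real telemetry):
# (host, user, parent image, image path, command line)
EVENTS = [
    ("WS01", "acme\\itadmin", "explorer.exe", "C:\\Windows\\notepad.exe", ""),
    ("WS01", "acme\\alice", "chrome.exe", "C:\\Users\\alice\\Downloads\\install_flash_player.exe", ""),
    ("WS01", "acme\\alice", "install_flash_player.exe", "C:\\Windows\\Temp\\tool.exe",
     "privilege::debug sekurlsa::logonpasswords"),
    ("WS02", "acme\\itadmin", "services.exe", "C:\\Windows\\Temp\\tool.exe", ""),
    ("WS02", "acme\\itadmin", "tool.exe", "C:\\Windows\\dcrypt.exe", "-encrypt"),
    ("WS03", "acme\\bob", "explorer.exe", "C:\\Program Files\\Adobe\\flashplayer_update.exe", ""),
]
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}
REMOTE_PARENTS = {"services.exe", "wmiprvse.exe"}  # typical parents of remotely started processes

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(parent, image, cmdline):
    """Map one event to a stage of the chain, or None if it matches nothing."""
    name = basename(image)
    if basename(parent) in BROWSERS and "flash" in name and "\\downloads\\" in image.lower():
        return "fake_installer"       # Flash "installer" run straight from a browser download
    if "mimikatz" in name or "sekurlsa" in cmdline.lower():
        return "credential_dump"      # Mimikatz binary or its LSASS credential module
    if "dcrypt" in name:              # assumption: DiskCryptor component name left unchanged
        return "disk_encryptor"
    return None

def correlate(events):
    """Return {host: set of stages}. lateral_movement is added when an account previously
    seen on a host where credentials were dumped starts a remote process on another host."""
    stages, users_seen, dumped = defaultdict(set), defaultdict(set), set()
    for host, user, parent, image, cmdline in events:
        stage = classify(parent, image, cmdline)
        if stage:
            stages[host].add(stage)
            if stage == "credential_dump":
                dumped.add(host)
        if basename(parent) in REMOTE_PARENTS and any(
                d != host and user in users_seen[d] for d in dumped):
            stages[host].add("lateral_movement")
        users_seen[host].add(user)
    return dict(stages)

def alert_hosts(events, min_stages=2):
    """Hosts showing at least min_stages distinct stages of the chain, sorted by name."""
    return sorted(h for h, s in correlate(events).items() if len(s) >= min_stages)

if __name__ == "__main__":
    for host, found in correlate(EVENTS).items():
        print(host, sorted(found))
    print("alert:", alert_hosts(EVENTS))
```

The benign event on WS03 (a Flash updater launched from Program Files by Explorer, not from a browser download) produces no stage, so only the two hosts that show at least two stages are raised.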