“In the past, worms and other malware would spread more covertly, but with ransomware, the primary goal is to be detected”, said ex-NSA computer scientist and Obsidian Security CTO Ben Johnson, via email.
After infecting one machine in a network – one computer in an office, for example – Bad Rabbit can find any login details stored on the machine which it uses to spread to others, security researchers have claimed. “Overall, there are nearly 200 targets, according to the KSN statistics”, Kaspersky Lab said.
The attackers also exploited vulnerabilities in the Windows data sharing protocol SMB using an open source tool called Mimikatz, ESET said.
Russian news agency Interfax announced via Twitter that it was working to restore its systems after hackers took down its servers.
While the scale of the Bad Rabbit attack remains to be seen, it further highlights the urgent need for firms to leverage re/insurance capacity to cover growing cyber threats. In Ukraine, Kiev’s public transport system was also reportedly hit, as was the government (Ministry of Infrastructure). Shulman continues: “The issue of patching is irrelevant when looking at a potentially self-replicating malware like Bad Rabbit because in any large network there will be some unpatched devices”.
Preliminary analysis indicates the malware is professionally developed and incorporates a variety of advanced measures designed to allow it to rapidly infect large government and corporate networks.
Cybersecurity researchers from Kaspersky described the malware, dubbed Bad Rabbit, in a blogpost on Tuesday, October 24. Users of infected computers receive a notice that their files are encrypted.
A new strain of malicious software has paralysed computers at a Ukrainian airport, the Ukrainian capital’s subway and at some independent Russian media.
Thanks to cyber security researchers Amit Serper and Mike Iacovacci, there is now a detailed step-by-step procedure to prevent your systems from getting infected by Bad Rabbit. At the time of this writing, the starting price of 0.05 bitcoins (BTC) translates to $275.59 United States dollars. The site also sets up a time limit to pay the ransom, increasing the ransom amount asked for if it isn’t met before the countdown ends.
BadRabbit’s code appears to be related to NotPetya, a devastating ransomware attack that first began infecting organizations on June 27 (see Another Global Ransomware Outbreak Rapidly Spreads). It also remains unclear who is behind the attack. As with all forms of ransomware, paying the money is no guarantee of getting your data back.
Bad Rabbit Ransomware: How do I protect myself?