A wave of Bad Rabbit ransomware attacks has been taking place across Europe since Tuesday, 24 October.
Initial targets include Ukraine’s Ministry of Infrastructure and Kiev’s public transportation system. The Russian news service Interfax also issued an official update stating that it had been hacked and that it was working to restore its systems. Kaspersky reports that Russian news group Fontanka.ru was also affected and focuses on the trend of targeted media outlets in its initial analysis. So far, Kaspersky and ESET have both noticed ties to the malware known as NotPetya or ExPetr.
Vaccination for the Ukraine round 2? Wanna stop #badrabbit?
Create a file called c:\windows\infpub.dat and remove all write permissions for it. This should keep the malware from encrypting. Testing it now… pic.twitter.com/3MSSH8WKPb
— Amit Serper (@0xAmit) October 24, 2017
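The marker-file step from the tweet above, as an added PowerShell example (not code from the tweet's author). It assumes an elevated session, and the function names, the use of icacls and the choice of a single read-only grant for Everyone are this example's own way of removing write permissions.

```powershell
# Added example: create the marker file named in the tweet, strip write access, verify.
# Assumption: run from an elevated PowerShell session on the host being prepared.
function Set-InfpubMarker {
    param([string]$Path = 'C:\Windows\infpub.dat')   # path taken from the tweet

    if (Test-Path -LiteralPath $Path) {
        # A non-empty file here was not created by this script; do not touch it.
        if ((Get-Item -LiteralPath $Path -Force).Length -gt 0) {
            throw "Non-empty file already present at $Path; investigate before changing it."
        }
    } else {
        New-Item -ItemType File -Path $Path | Out-Null
    }

    # Drop inherited ACEs and leave one read-only grant for Everyone
    # (well-known SID S-1-1-0), so no principal holds write access.
    & icacls.exe $Path /inheritance:r /grant:r '*S-1-1-0:(R)' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
}

function Test-InfpubMarker {
    param([string]$Path = 'C:\Windows\infpub.dat')

    if (-not (Test-Path -LiteralPath $Path)) { return 'Missing' }
    try {
        # Try to open the file for writing; the ACL above should refuse this.
        $stream = [System.IO.File]::Open($Path, 'Open', 'Write')
        $stream.Close()
        return 'Writable'
    } catch [System.UnauthorizedAccessException] {
        return 'ReadOnly'
    }
}

Set-InfpubMarker
Test-InfpubMarker
```

The owner of the file can still rewrite its ACL, so the check only confirms that direct writes are refused.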
Pat Moran, PwC Cyber Leader, said: “Bad Rabbit, which remains undetected by the majority of anti-virus programs, is similar to the Petya attack carried out earlier this year. However, unlike Petya, Bad Rabbit is not a wiper. It is a drive-by attack which requires the victim to download a fake Adobe Flash installer from an infected website and manually launch the .exe file. To operate correctly, it needs elevated administrative privileges which it attempts to obtain using the standard User Account Control (UAC) to prompt a user for administrator credentials. It is not yet known whether it is possible to get back files that have been encrypted by Bad Rabbit.”
Leonard McAuliffe, Director, PwC Cyber Practice, said: “Ransomware is an increasingly prevalent threat, with a rising number of variants designed to target corporate networks. In spite of this scourge, there are many pragmatic steps which organisations can take to reduce the likelihood of incidents, limit their impact when one does occur, and to recover swiftly and effectively.”
Whoever created Bad Rabbit appears to be a Game of Thrones fan, as the malware makes reference to Daenerys Targaryen’s dragons and Grey Worm, a beloved character who is definitely not the skin disease known as greyscale.