'Bad Rabbit' ransomware hits networks in Russia, Ukraine, Turkey and Germany

Bad Rabbit ransomware attacks Russian mass media

The ransomware has been named Bad Rabbit by Kaspersky Lab, though to be fair, it seems that is the name the creators of this malware gave to their weapon.

The Bad Rabbit ransomware infiltrated computers by posing as an Adobe Flash installer on compromised news and media websites.

The U.S. Computer Emergency Readiness Team said late Tuesday it "has received multiple reports of ransomware infections ... in many countries around the world".

The ransomware has been targeting organisations and consumers, mostly in the Russian Federation, but there have also been reports of victims in Ukraine, Turkey and Germany, according to the antivirus and internet security software company.

It elaborated: "We have also seen similar but fewer attacks in Ukraine, Turkey, and Germany".

"The danger in new ransomware variants is the potential for spread to vulnerable devices".

Once inside a network, Bad Rabbit spreads by collecting user credentials with the Mimikatz tool as well as by using hard-coded credentials, say Palo Alto Networks and Cisco Systems' Talos threat intelligence service. Upon installation, all of the victim's files are encrypted, and the victim is asked for a payment of 0.05 Bitcoin ($276.85 at the time of publication) to regain access to the encrypted files. It also modifies the boot loader, like Petya/NotPetya.

So far, the Russian Federation has been hit hardest by Bad Rabbit, with over half the victims in that country, including the Moscow-based news agency Interfax, Reuters reported.

Meanwhile, the Independent reports that Cybereason claims to have a vaccine against the virus.

It's unclear who's behind Bad Rabbit, but the attackers appear to be "Game of Thrones" fans. Keys are generated using CryptGenRandom and then protected by a hardcoded RSA-2048 public key.

The malware has already contaminated systems in Russia, Ukraine, Bulgaria, Turkey and Japan.

Internet users are being warned to look at Adobe Flash updates with a high degree of caution because they may contain ransomware that will freeze up your computer until a payment is made to the hackers.

"This could simply be to widen its reach internally for the objective of further encrypting the files of users with elevated privileges, it may be used to hide inside compromised networks, or the ransom itself could be a decoy from the attack's real goal", Gumbs said. "By searching for this specific occurrence in monitored log data from endpoints, an organisation will be able to identify patient zero earlier, and act to isolate the impact".

Amichai Shulman, CTO, Imperva: "At the end of the day, all Ransomware is basically the same".

The security firms say the malware is similar to Petya, which hit dozens of countries earlier in 2017. As long as the infection and effect of the ransomware are constrained to endpoints, the damage to organizations should be minimal. Where NotPetya was targeted at Ukraine, Bad Rabbit appears to have primarily hit Russian businesses. Joining this list is another potentially hazardous malware, called "Bad Rabbit".

Nick Pollard, director, security & intelligence, Nuix: "What's needed is a fresh approach in this escalating arms race".

That means all you need to do is visit the infected websites and your machine could be infected. Did we patch our systems after Petya?
