This year we’ve seen some deadly malware attacks such as Petya and WannaCry. Joining this list is another potentially hazardous malware, called ‘Bad Rabbit’. As per incoming reports, this ransomware has been spotted in parts of Russia and Ukraine, as well as countries such as Bulgaria, Turkey, Germany, Poland and South Korea.
Security firms Kaspersky and ESET are continuously monitoring the spread and damage being done by Bad Rabbit. In fact, they claim that the group behind this new malware has ties to those responsible for Petya and WannaCry. Bad Rabbit not only seems to be affecting a lot of the same websites, but also uses roughly the same method to infect computers and networks. “This indicates that the actors behind ExPetr/NotPetya have been carefully planning the Bad Rabbit attack since July,” Costin Raiu, director of Kaspersky’s global research and analysis team, told WIRED.
Bad Rabbit is said to spread using the Windows Management Instrumentation Command-line (WMIC) along with Mimikatz, a tool that harvests passwords and other credentials from infected computers. A Kaspersky note explains how the malware uses a drive-by attack to infect a computer.
“Victims download a fake Adobe Flash installer from infected websites and manually launch the .exe file, thus infecting themselves. Our researchers have detected a number of compromised websites, all news or media sites,” the note says.
Once a computer is infected, its data is encrypted and the perpetrators ask for .05 Bitcoins (Rs 17,800 approximately) as ransom. Along with the ransom note, there is a timer counting down from 40 hours, after which the ransom demand is said to go up. But security firms and governments have asked victims not to pay the ransom, as there is no guarantee that the data will be decrypted after payment.
As per various reports, Bad Rabbit has managed to infect computers at Ukraine’s Ministry of Infrastructure, Kiev Metro, Odessa airport, and media outlets in Russia including Interfax and Fontanka.ru. CrowdStrike Vice President Adam Meyers is quoted as saying that the malware appears to have originated from the Russian news and celebrity gossip site argumentiru.com, Gizmodo reports.