Group-IB identified source of Bad Rabbit virus spread

No infection reports related to Bad Rabbit ransomware attack have been received so far from Azerbaijan's state structures, a source in the Community Emergency Response Team (CERT) under Special Communication and Information Security State Agency of the country's Special State Protection Service told Trend on October 25.

In the third major ransomware outbreak of the year, Bad Rabbit has infected a number of high profile targets in various countries.

The Computer Emergency Response Team (CERT) has alerted users about the latest ransomware, which is spreading in parts of the Russian Federation and Ukraine, as well as in countries such as Bulgaria, Turkey, Germany, Poland and South Korea. Reportedly, the new cyber attack has hit parts of Eastern Europe, including an international airport in Ukraine and three media outlets in the Russian Federation.

A fake Flash Player update, delivered via a drive-by download, has been used to compromise systems, according to Cisco's Talos Intelligence Group blog.

Malware researcher Amit Serper claims to have discovered a vaccine for Bad Rabbit. Avast said the ransomware has been detected in the US, South Korea and Poland, according to CNN.

For its part, Bad Rabbit encrypts a computer and then demands a payment of 0.05 bitcoins, worth just over £200.

The UK National Cyber Security Centre said it is a matter for the victim whether to pay the ransom, but encourages industry and the public not to pay.

Earlier this year, the "WannaCry" ransomware triggered the closure of NHS hospitals, factories and other facilities around the globe for days.

To perform this immunization, you will need to have administrator rights to a PC.

"Bad Rabbit" looks a lot like the NotPetya attack that ravaged Ukrainian computer systems in June.

The malware appeared to be using an encryption scheme that prevented analysts from deciphering the malicious code, Gukov said.

While no one in the United Kingdom is believed to have been affected by Bad Rabbit, Kaspersky Lab is advising users to back up their data and not to pay the ransom in the event of infection. Furthermore, the Russian media portal Interfax also appears to have been hacked, although the company later began working to restore its systems.

"The risky aspect is the fact that it was able to infect many institutions which constitute critical infrastructure in such a short timeframe", says Robert Lipovsky, researcher at ESET, "which indicates a well-coordinated attack". Through the ransomware, the attackers make files unavailable to users and, as a result, disrupt operations.

Companies like Bitdefender, Cisco Talos, ESET, Group IB, Intezer Labs, Kaspersky Lab, and Malwarebytes, along with security researcher Bart Parys, have published reports on the connections between these two strains. The ransomware relies on people downloading a commonly used programme update in order to infect themselves, plus early indications showed many anti-virus systems can't detect it.
