BadRabbit Ransomware hits Russia and Ukraine, remedy posted
Several Russian News Agencies and additional targets in Ukraine and have been hit with cyberattacks. The ransomware responsible for the attacks are based on a new variant of Petya Strain called BadRabbit.
A security firm named GroupIB have reported about the BadRabbit attack on the Russian Interfax news agency which is being down due to the cyberattack. Interfax have also confirmed the reports of the attack in its Facebook page.
The first reports of BadRabbit was spread through a fake Adobe Flash Player update that made its way into Russian News Media sites and the attacker demanded a ransom of 0.05 bitcoin ransom which is about $280. Although the ransom note which was posted on Twitter was written in English, no English speaking country has been hit by this attack.
" However, this is the only similarity we can observe between both malware, in all other aspects BadRabbit is a completely new and unique ransomware," Check Point said in a statement.
On other lines, Nick Carr, Security consultant and incident response at Mandiant says that BadRabbit drops and executes c:windowsinfpub.dat by ordinal function and is similar to EternalPetya ransomware in many ways.
Crowdstrike believes that, " BadRabbit is likely delivered via the website argumentiru[.]com which is a current affairs, news and celebrity gossip website focusing on Russian and near-abroad topics. CrowdStrike Intelligence can confirm that this website was hosting a malicious JavaScript inject as part of a Strategic Web Compromise (SWC) attack on 24 October 2017,” .
To give a breather, Cybereason researcher Mike Iacovacci has posted a series of steps to take that will prevent a system from being infected with BadRabbit.
Comments ( 0 )
No comments available