New BadRabbit ransomware spreads through Eastern Europe

2017/10/25

A new ransomware attack named BadRabbit is spreading through Russia, Ukraine, and other Eastern European countries. The attack targets corporate networks: computer systems for the Kiev Metro, Ukraine's Odessa International Airport, several Russian media outlets, and others have been affected, with systems encrypted and computers displaying a ransom message.

Cybersecurity researchers at ESET and Kaspersky are among the organizations keeping watch. Both say the authors have ties with Petya, the ransomware attack that spread worldwide earlier this summer. Kaspersky found that both Petya and BadRabbit appeared on dozens of the same hacked websites, according to a report from Wired. Both spread by using the Windows Management Instrumentation Command-line (WMIC), a scripting interface for managing devices and applications in a network, along with Mimikatz, a tool for harvesting passwords and other data from computers. "This indicates that the actors behind ExPetr / NotPetya have been carefully planning the BadRabbit attack since July," Kaspersky tells Wired.

ESET says one of the methods used to distribute BadRabbit is drive-by download, where JavaScript is injected into a website's HTML body or a .js file. When someone then visits a compromised site, a pop-up saying Flash Player needs to be updated tricks victims into downloading and installing the malware themselves. ESET tells Wired it believes this was only one method, and possibly a "smoke screen."


