New Ransomware ‘Bad Rabbit’ Spreading Quickly Through Russia and Ukraine

Credit to Author: Lorenzo Franceschi-Bicchierai | Date: Tue, 24 Oct 2017 15:39:49 +0000

A new wave of ransomware hit several targets in Russia and Eastern Europe on Tuesday, according to media reports and several security companies.

The malware, dubbed Bad Rabbit, has hit three Russian media outlets, including the news agency Interfax, according to Russian security firm Group-IB. Once it infects a computer, Bad Rabbit displays a message in red letters on a black background, an aesthetic used in the massive NotPetya ransomware outbreak.

The ransom message asks victims to log into a Tor hidden service website to make the payment of 0.05 Bitcoin, valued at around $282 at the time of writing. The site also displays a countdown of a little bit over 40 hours before the price of decryption goes up.

A screenshot of the Bad Rabbit onion site. Image: Motherboard

At this point, it’s unclear who’s behind the attack, who all the victims are, how the malware is spreading, or where it originated. Interfax said on Twitter that due to a cyberattack its servers are down. The airport of Odessa, in Ukraine, was also hit by a damaging cyberattack on Tuesday, but it’s unclear if it’s been hit by Bad Rabbit.

A Group-IB spokesperson said that Bad Rabbit, a “new mass cyberattack,” has targeted Russian media companies Interfax and Fontanka, as well as targets in Ukraine such as the airport of Odessa, the Kiev subway, and the Ministry of Infrastructure of Ukraine.

Kaspersky Lab, a security firm based in Moscow, said that it’s monitoring the attack.

ESET, another security company based in the Czech Republic, confirmed that there’s a live ransomware campaign. The company said in a blog post that at least in the case of the Kiev Metro, the malware is “a new variant of ransomware known also as Petya.” NotPetya itself was also a variant of Petya. ESET said it has detected “hundreds” of infections.

A researcher from Proofpoint said that Bad Rabbit spread via a fake Adobe Flash Player installer. For now, very few antivirus companies detect Bad Rabbit as malicious, according to malware repository VirusTotal.

This is a developing story. We will update the post when we get more information.

Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzo@jabber.ccc.de, or email lorenzo@motherboard.tv
