{"id":10057,"date":"2017-10-24T07:45:26","date_gmt":"2017-10-24T15:45:26","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/10\/24\/news-3830\/"},"modified":"2017-10-24T07:45:26","modified_gmt":"2017-10-24T15:45:26","slug":"news-3830","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/10\/24\/news-3830\/","title":{"rendered":"New Ransomware \u2018Bad Rabbit\u2019 Spreading Quickly Through Russia and Ukraine"},"content":{"rendered":"<p><strong>Credit to Author: Lorenzo Franceschi-Bicchierai| Date: Tue, 24 Oct 2017 15:39:49 +0000<\/strong><\/p>\n<p> A new wave of ransomware has hit several targets in Russia and Eastern Europe on Tuesday, according to media reports and several security companies. <\/p>\n<p> The malware, dubbed Bad Rabbit, has hit three Russian media outlets, including the news agency Interfax, according to Russian security firm Group-IB. Once it infects a computer, Bad Rabbit displays a message in red letters on a black background, an aesthetic used in <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/qv4gx5\/a-ransomware-outbreak-is-infecting-computers-across-the-world-right-now\">the massive NotPetya ransomware outbreak<\/a>.<\/p>\n<div style=\"max-width: 550px;\" data-iframely-id=\"5eADKgn\" data-embedded-url=\"https:\/\/twitter.com\/GroupIB_GIB\/status\/922819835494649856 \" class=\"article__embed article__embed--iframely\">\n<div style=\"left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;\" data-iframely-smart-iframe=\"true\"><iframe  src= width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/div>\n<p>The ransom message asks victims to log into a Tor hidden service website to make the payment of 0.05 Bitcoin, valued at around $282 at the time of writing. 
The site also displays a countdown of a little bit over 40 hours before the price of decryption goes up.<\/p>\n<div class=\"article__media\"><picture class=\"article__image\"><source media=\"(max-width: 25em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png?resize=400:*, https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png?resize=600:* 2x\"><source media=\"(max-width: 40.625em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png?resize=650:*, https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png?resize=975:* 2x\"><source media=\"(max-width: 53.125em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png?resize=850:*, https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png?resize=1275:* 2x\"><source media=\"(max-width: 65.625em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png?resize=1050:*, https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png?resize=1575:* 2x\"><source media=\"(min-width: 65.625em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png?resize=1050:*, https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png?resize=1575:* 2x\"><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/_uncategorized\/1508859364432-Screen-Shot-2017-10-24-at-104227-AM.png\" alt=\"\"><\/picture>\n<div class=\"article__image-caption\">A screenshot of the Bad Rabbit onion site. 
Image: Motherboard<\/div>\n<\/div>\n<p> At this point, it&#8217;s unclear who&#8217;s behind the attack, who all the victims are, how the malware is spreading, or where it originated. Interfax <a href=\"https:\/\/twitter.com\/interfax_news\/status\/922799045088829442\" target=\"_blank\">said on Twitter<\/a> that due to a cyberattack its servers are down. The airport of Odessa, in Ukraine, <a href=\"https:\/\/www.facebook.com\/odessa.aero\/posts\/704524863080360\" target=\"_blank\">was also hit<\/a> by a damaging cyberattack on Tuesday, but it&#8217;s unclear if it&#8217;s been hit by Bad Rabbit. <\/p>\n<p> A Group-IB spokesperson said that a &#8220;new mass cyberattack&#8221; Bad Rabbit has targeted Russian media companies Interfax and Fontanka, as well as targets in Ukraine such as the airport of Odessa, the Kiev subway, and the Ministry of Infrastructure of Ukraine.<\/p>\n<p> Kaspersky Lab, a security firm based in Moscow, said that it&#8217;s monitoring the attack.<\/p>\n<div style=\"max-width: 550px;\" data-iframely-id=\"xMlFHyH\" data-embedded-url=\"https:\/\/twitter.com\/jiriatvirlab\/status\/922847129781133312 \" class=\"article__embed article__embed--iframely\">\n<div style=\"left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;\" data-iframely-smart-iframe=\"true\"><iframe  src= width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/div>\n<p> ESET, another security company based in the Czech Republic, <a href=\"https:\/\/twitter.com\/jiriatvirlab\/status\/922835700873158661\" target=\"_blank\">confirmed<\/a> that there&#8217;s a live ransomware campaign. The company said in <a href=\"https:\/\/www.welivesecurity.com\/2017\/10\/24\/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware\/\" target=\"_blank\">a blog post<\/a> that at least in the case of the Kiev Metro, the malware is &#8220;a new variant of ransomware known also as Petya.&#8221; NotPetya itself was also a variant of Petya. 
ESET said it has detected &#8220;hundreds&#8221; of infections. <\/p>\n<p> A researcher from Proofpoint <a href=\"https:\/\/twitter.com\/darienhuss\/status\/922847966767042561\" target=\"_blank\">said<\/a> that Bad Rabbit spread via a fake Adobe Flash Player installer. For now, very few antivirus companies detect Bad Rabbit as malicious, according to malware repository <a href=\"https:\/\/www.virustotal.com\/en\/file\/630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da\/analysis\/\" target=\"_blank\">VirusTotal<\/a>.<\/p>\n<p> This is a developing story, and we will update the post when we get more information. <\/p>\n<p class=\"article__blockquote\"> <b> <i> Got a tip? 
You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzo@jabber.ccc.de, or email <\/i><\/b><a href=\"mailto:lorenzo@motherboard.tv\" target=\"_blank\"><b> <i> lorenzo@motherboard.tv<\/i><\/b><\/a><\/p>\n<p><a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/59yb4q\/bad-rabbit-petya-ransomware-russia-ukraine\" target=\"bwo\" >https:\/\/motherboard.vice.com\/en_us\/rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/articles\/59ef5af194a2003b1dfbee59\/lede\/1508859519072-Screen-Shot-2017-10-24-at-104227-AM.png\"\/><\/p>\n<p><strong>Credit to Author: Lorenzo Franceschi-Bicchierai| Date: Tue, 24 Oct 2017 15:39:49 +0000<\/strong><\/p>\n<p>There\u2019s a potentially massive new ransomware spreading in eastern Europe. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,13328,10378],"tags":[4500,6272,3919,10573,3764,32,3765,251,9581,8642],"class_list":["post-10057","post","type-post","status-publish","format-standard","hentry","category-independent","category-motherboard","category-security","tag-cybersecurity","tag-hackers","tag-hacking","tag-infosec","tag-malware","tag-news","tag-ransomware","tag-russia","tag-tech-news","tag-ukraine"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10057","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10057"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10057\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10057"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}