{"id":10062,"date":"2017-10-24T09:30:10","date_gmt":"2017-10-24T17:30:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/10\/24\/news-3835\/"},"modified":"2017-10-24T09:30:10","modified_gmt":"2017-10-24T17:30:10","slug":"news-3835","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/10\/24\/news-3835\/","title":{"rendered":"Bad Rabbit: A new ransomware epidemic is on the rise"},"content":{"rendered":"

Credit to Author: Alex Perekalin| Date: Tue, 24 Oct 2017 16:42:49 +0000<\/strong><\/p>\n

The post is being updated as our experts find new details on the malware.<\/b><\/p>\n

We’ve already seen two large-scale ransomware attacks this year \u2014 we’re talking about the infamous WannaCr<\/a>y and ExPetr<\/a> (also known as Petya and NotPetya). It seems that a third attack is on the rise: The new malware is called Bad Rabbit \u2014 at least, that’s the name indicated by the darknet website linked in the ransom note.<\/p>\n

\"badrabbit<\/a> <\/p>\n

What is known at the moment is that Bad Rabbit ransomware has infected several big Russian media outlets, with Interfax news agency and Fontanka.ru among the confirmed victims of the malware. Odessa International Airport has reported on a cyberattack on its information system, though whether it’s the same attack is not yet clear.<\/p>\n

The criminals behind the Bad Rabbit attack are demanding 0.05 bitcoin as ransom \u2014 that’s roughly $280 at the current exchange rate.<\/p>\n

\"\"<\/a> <\/p>\n

Details of the attack and its mechanism of spreading are still to be investigated, and whether it’s possible to get back files encrypted by Bad Rabbit (either by paying the ransom or by using some glitch in the ransomware code) isn’t yet known. Kaspersky Lab antivirus experts are investigating the attack, and we will be updating this post with their findings.<\/p>\n

According to our data, most of the victims of these attacks are located in Russia. We have also seen similar but fewer attacks in Ukraine, Turkey, and Germany. This ransomware has infected devices through a number of hacked Russian media websites. Based on our investigation, this is a targeted attack against corporate networks, using methods similar to those used in the ExPetr attack. However, we cannot confirm it is related to ExPetr. We continue our investigation.<\/p>\n

Kaspersky Lab’s products detect the attack with the following verdicts: UDS:DangerousObject.Multi.Generic (detected by Kaspersky Security Network), PDM:Trojan.Win32.Generic (detected by System Watcher) and Trojan-Ransom.Win32.Gen.ftl.<\/p>\n

<\/p>\n

To avoid becoming a victim of Bad Rabbit:<\/p>\n

Users of Kaspersky Lab products:<\/p>\n