Bad Rabbit is Creeping into Russians’ Computers

A hacker group has reused code from the Petya/NotPetya ransomware that struck Ukraine four months ago and affected major companies such as FedEx and Maersk. Bad Rabbit first hit news media organizations in Russia, but it is not confined to that country. Victims are directed to a Tor hidden service, also named Bad Rabbit, and asked to pay 0.05 BTC in bitcoin to recover their files.

Organizations already hit by Bad Rabbit include the Kiev Metro, the Interfax news agency and Fontanka.ru.

The Ukrainian Computer Emergency Response Team (CERT-UA) reported that Odessa Airport has also been affected.

According to Kaspersky Lab, the infection was spread through compromised Russian media websites, which served a fake Adobe Flash Player update; the ransomware did not install itself, so victims had to click the malicious download on those sites. Costin Raiu, who heads the Russian company's research team, said the campaign's infrastructure had been in place since July, when the first European websites were compromised. Group-IB, however, said the websites were last modified on October 19.

Bad Rabbit, however, is not spreading around the world as rapidly as its supposed predecessor NotPetya, or as WannaCry did. According to the teams monitoring the attack, the affected countries so far are Russia, Ukraine, Bulgaria, Turkey, Poland, South Korea and Germany.

Kaspersky has said that around July this year it found a Ukrainian news website, bahmut.com.ua, carrying an injected script linked to NotPetya that remained dormant. Following that trail, Kaspersky identified more hacked websites carrying the same dormant script. On Tuesday, however, the dormant scripts on the hacked websites were switched to a new IP address and began distributing the Bad Rabbit ransomware.
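The mechanism described above, an injected script on a legitimate site that points at an attacker-controlled IP address, is something a site owner or defender can check for. The following is an added example, not code from Kaspersky, Group-IB or the article: it parses a page's HTML and flags every script loaded from a bare IP address or from a host outside the page's own domain. The sample page, the host name news.example and the address 203.0.113.7 (a reserved documentation range) are constructed for the example; a third-party script is only a lead to verify against a known-good list, not proof of compromise.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value)


def _is_bare_ip(host):
    """True if host is a literal IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_suspicious_scripts(page_html, page_host):
    """Return (src, reason) for each script the page loads from a host it
    should not trust by default: a bare IP address (the strongest signal,
    as in the injected scripts described above) or any third-party host."""
    collector = _ScriptCollector()
    collector.feed(page_html)
    findings = []
    for src in collector.srcs:
        # urlparse handles absolute, protocol-relative ("//cdn/x.js") and
        # relative ("/js/x.js") URLs; relative ones have no hostname.
        host = urlparse(src).hostname
        if host is None:
            continue  # same-origin relative path
        if _is_bare_ip(host):
            findings.append((src, "bare IP address"))
        elif host != page_host and not host.endswith("." + page_host):
            findings.append((src, "third-party host"))
    return findings


# Constructed sample page (hypothetical site news.example): one injected
# script served from a bare IP and one ordinary third-party ad script.
SAMPLE_PAGE = """<html><head>
<script src="/static/jquery.js"></script>
<script src="https://news.example/js/site.js"></script>
<script src="//cdn.news.example/lib.js"></script>
<script type="text/javascript" src="http://203.0.113.7/inject.js"></script>
<script src="https://ads.example.net/tracker.js"></script>
</head><body><p>news story</p></body></html>"""


if __name__ == "__main__":
    for src, reason in find_suspicious_scripts(SAMPLE_PAGE, "news.example"):
        print(f"{reason:18} {src}")
```

Run the script against a saved copy of a page you administer; a script tag whose source is a raw IP address that you did not put there is the kind of change Group-IB's "last modified" check would have surfaced.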

Group-IB's spokesperson Evgeny Gukov said that part of Bad Rabbit's code resembles NotPetya's; according to him, the two differ only in the compiler used to build them and in the initial infection vector.

Attribution remains murky, because NotPetya has been linked to the hackers behind the attacks on Ukraine's power grid in 2015 and 2016. There is an unconfirmed suspicion that the campaign is sponsored by the Russian government.