Bad Rabbit: New Petya-like Ransomware Rapidly Spreading Across Europe

bad-rabbit-ransomware-attack
A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few hours.

Dubbed "Bad Rabbit," is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock their systems.

According to an initial analysis provided by the Kaspersky, the ransomware was distributed via drive-by download attacks, using fake Adobe Flash players installer to lure victims' in to install malware unwittingly.

"No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. We’ve detected a number of compromised websites, all of which were news or media websites." Kaspersky said.

Meanwhile, security researchers at ESET have detected Bad Rabbit malware as 'Diskcoder.D' — a new variant of Petya ransomware.
ESET believes the new wave of ransomware attack is using EternalBlue exploit — the same leaked SMB vulnerability which was used by WannaCry and Petya ransomware to spread through networks.

Along with a hardcoded list of commonly used credentials, Bad Rabbit ransomware also uses the Mimikatz tool, an excellent post-exploitation tool, to extract credentials from the affected systems.

The affected organisations include Russian news agencies Interfax and Fontanka, payment systems on the Kiev Metro, Odessa International Airport and the Ministry of Infrastructure of Ukraine.

The ransom note, shown above, asks victims to log into a Tor hidden website to make the payment, which displays a countdown of 40 hours before the price of decryption goes up.

This is a developing story and stay tuned for updated information.

Source: feedproxy.google.com
Bad Rabbit: New Petya-like Ransomware Rapidly Spreading Across Europe Bad Rabbit: New Petya-like Ransomware Rapidly Spreading Across Europe Reviewed by Unknown on 12:09 PM Rating: 5