It has been dubbed Bad Rabbit, but this ransomware attack is potentially more costly than any swarm of killer bunnies your imagination could conjure up.
Bad Rabbit, the latest malware attack swarming across Europe, appears to be one of the biggest since the Petya cyberattack that caused chaos worldwide in June.
Bad Rabbit hit Ukraine and Russia yesterday (24 October), causing flight delays at the former’s Odessa airport. With systems compromised, airline workers had to process passenger data manually.
The metro system in Kiev reported that its payment systems were hacked but trains remained running normally. Russian media outlets were also affected and Interfax, one of Russia’s largest news agencies, said its servers were hit by an “unprecedented virus attack”.
So, what do we know about Bad Rabbit?
Bad Rabbit surfaced in the east
Yesterday, security researchers began observing notifications of mass attacks that hit organisations and consumers in Russia and Ukraine.
Kaspersky Security Network (KSN) described it as a previously unknown ransomware family.
“Most of the targets are located in Russia. Similar but fewer attacks have also been seen in other countries – Ukraine, Turkey and Germany. Overall, there are almost 200 targets, according to the KSN statistics,” Kaspersky Lab said.
Instances of Bad Rabbit have been found in Germany and Turkey, according to Kaspersky. There have also been reports of the virus hitting Poland and South Korea.
How is it distributed?
It is understood that the ransomware was distributed with the help of drive-by attacks.
Drive-by downloads are a common method of spreading malware. Cyber-criminals look for insecure websites and plant a malicious script into HTTP or PHP code on one of the pages. This script may install malware directly onto the computer of someone who visits the site, or it may take the form of an IFrame, which redirects the victim to a site controlled by the cyber-criminals.
No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer.
Bad Rabbit’s creator is a Game of Thrones fan
Believe it or not, it seems that the hacker behind Bad Rabbit is a Game of Thrones fan, making reference to Daenerys Targaryen’s dragons and Grey Worm in the form of two scheduled tasks.
What happens if you are infected?
Computers infected with the malware direct users to a TOR (The Onion Router) domain where they are asked to pay .05 bitcoin (around $276) in exchange for the return of their data. A countdown clock shows the amount of time before the ransom price goes up.
Reports suggest that unlike Petya, Bad Rabbit is not a wiper. That said, giving in to a ransom only encourages the proliferation of this kind of cybercrime – so don’t pay.
Malware researcher Amit Serper claims to have discovered a remedy for Bad Rabbit.
I can confirm – Vaccination for #badrabbit:
Create the following files c:windowsinfpub.dat && c:windowscscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated. 🙂 pic.twitter.com/5sXIyX3QJl
— Amit Serper (@0xAmit) October 24, 2017