Ransomware 'Bad Rabbit' hits computers in Europe

Posted October 26, 2017

The ransomware has been targeting organisations and consumers, mostly in the Russian Federation, but there have also been reports of victims in Ukraine, Turkey and Germany, according to the antivirus and internet security software company. It is also showing signs of spreading to other countries.

The BBC said US officials confirmed receiving "multiple reports of Bad Rabbit ransomware infections in many countries around the world". The cyber world's attention is now focused on the Bad Rabbit (Diskcoder.D) ransomware.

The scale of the ransomware threat was highlighted the previous year when a Los Angeles hospital paid almost $17,000 in bitcoins to hackers who disabled its computer network.

Ransomware is malicious software that infects a computer or network and then restricts access to network files until a ransom is paid to unlock them. That malware was basically impossible to remove, even for users who attempted to actually pay the ransom, leading to suspicions it had been created more to cause damage and destruction than to raise revenue for its developers. Interfax confirmed on Twitter that it was impacted by the attacks.

Most of the victims were located in the Russian Federation, but attacks were also observed in Ukraine, Turkey, and Germany.

Compared to the recent spate of ransomware attacks, Bad Rabbit's efficacy and severity fall fairly low on the spectrum - with reports suggesting the attack does not wipe users' files like the Petya attack, nor does it use system-level exploits in the Windows operating system like the WannaCry attack. The majority of incidents have been recorded in the Russian Federation and Ukraine.

"Intel is that BadRabbit and NotPetya DLL (dynamic link library) share 67% of the same codebase, which makes it likely that the same threat actor is behind both attacks", says Meyers. The source of that attack remains unidentified.

Cybersecurity experts warned officials from local and state government, local police departments, non-profit organizations and small businesses on Wednesday that a ransomware attack known as Bad Rabbit began spreading across Europe on Tuesday and could target American organizations in the next two weeks. Kaspersky researcher Costin Raiu told Forbes magazine that a network of hacked sites initially linked to NotPetya in July was now being used to host secondary distribution channels for Bad Rabbit. Code used in the malware contains the names of different characters from the series.

"Where endpoints are not yet updated to detect these zero-day attacks, cloud app threat protection can serve as an organization's first line of defense". There have also been reports of the virus hitting Poland and South Korea.

According to malware researcher James Emery-Callcott, the ransomware campaign is slowly dying down.

So far there haven't been any attacks seen in the UK. "Fake Flash updates are an incredibly popular method of distributing malware these days. In that case, what we have seen is that a popup asking to download an update for Flash Player is shown in the middle of the page".