
Bad Rabbit: A New Wave of Attacks Using a Cryptographic Virus


A week ago, a new ransomware strain hit several parts of Europe and caused a panic. Here is what is known so far about this attack.


Several Russian media outlets and Ukrainian organizations were hit by the Bad Rabbit ransomware. In particular, the attackers struck three Russian media outlets, including Interfax and Fontanka.

  • On October 24, a new large-scale cyberattack began using the Bad Rabbit ransomware. The malware hit the computer networks of the Kiev metro, the Ministry of Infrastructure, and Odessa International Airport. Several victims were in Russia as well: the editorial offices of federal media outlets such as Interfax and Fontanka were affected.

Most likely, the malware spreads through compromised websites that prompt visitors to install a fake Flash Player update.

Preliminary analysis shows that the malware is being distributed through a number of compromised Russian media sites. All signs indicate a targeted attack on corporate networks.

  • Once it reaches the victim's computer, the malware encrypts the user's files. To restore access to the encrypted data, the victim is asked to pay a ransom of 0.05 bitcoins, roughly $283 USD at the time. The attackers also warn that the price of decryption will increase if payment is delayed.

Details of the Bad Rabbit distribution pattern are not yet available, and it is also unclear whether the files can be decrypted. What is already known is that most of the victims are in Russia. Similar attacks have been recorded in Ukraine, Turkey, and Germany, but in far smaller numbers.

The Kiev Metro press service reported that the attackers managed to disrupt fare payment by contactless bank card. "Attention! Cyberattack! The subway is operating in normal mode, except for banking services (payment by contactless bank cards at the yellow turnstile or by MasterPass)," the official Kiev Metro account on Facebook says.

  • The attackers ask their victims to follow a link to a Tor site, which starts a countdown timer. After payment, according to the attackers, the victim should receive a personal decryption key.

The distribution and persistence methods are still unknown, and there is no reliable information about whether decryption keys exist at all.

Kaspersky Lab employees recommend the following actions:

  • Block the execution of the files C:\Windows\infpub.dat and C:\Windows\cscc.dat.

  • Disable (if possible) the use of the WMI service.

  • Make a backup.

  • Do not pay the ransom.
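An added example, not from the article or from Kaspersky Lab, showing one way an administrator could apply the first two recommendations on a Windows host. The two file paths are the ones named above; using a placeholder file with an execute-deny ACL to "block execution" is this example's own approach, and disabling WMI is behind a switch because it breaks much remote management:

```powershell
# Added example (not from the article): applies the mitigation list above on a
# Windows host. Run from an elevated PowerShell session.
param([switch]$DisableWmi)   # WMI is only disabled when explicitly requested

# File paths as given in the article's recommendations.
$Targets = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

$report = foreach ($path in $Targets) {
    $existed = Test-Path -LiteralPath $path
    if ($existed) {
        # A pre-existing copy is a possible indicator of compromise: do not
        # overwrite it, leave it for forensics and alert instead.
        Write-Warning "$path already exists; treat this host as possibly infected"
    } else {
        # Assumption of this example: a placeholder lets us attach a deny ACL to
        # the path before any payload is dropped there.
        New-Item -Path $path -ItemType File -Force | Out-Null
    }
    # Deny the execute right to Everyone; icacls '(X)' is the execute permission
    # and deny entries take precedence over allow entries.
    $null = & icacls.exe $path /deny 'Everyone:(X)'
    [pscustomobject]@{
        Path           = $path
        AlreadyPresent = $existed
        ExecuteDenied  = ($LASTEXITCODE -eq 0)
    }
}

if ($DisableWmi) {
    # "Disable (if possible) the use of the WMI service": Winmgmt is the
    # Windows Management Instrumentation service.
    Stop-Service -Name Winmgmt -Force -ErrorAction Stop
    Set-Service  -Name Winmgmt -StartupType Disabled
}

# Backups and the decision not to pay are organisational steps; only the
# technical state is summarised here.
$report | Format-Table -AutoSize
```

Review the ExecuteDenied column on every host; a false value means the ACL change did not apply and the path is still unprotected.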
