Russia and Ukraine Becoming Victims of the Notorious Bad Rabbit Ransomware
A new strain of ransomware with a name Bad Rabbit spreads through “drive-by attacks” in Russia, Ukraine and elsewhere.
The malware has apparently affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev.
The cyber-police chief in Ukraine confirmed to the Reuters news agency that Bad Rabbit was the ransomware in question.
Created by Fan of Game of Thrones
Unlike other recent malware epidemics which spread through more passive means, Bad Rabbit requires a potential victim to download. It also requires to execute a bogus Adobe Flash installer file, thereby infecting themselves. It bears similarities to the WannaCry and Petya outbreaks earlier this year.
Whoever created Bad Rabbit appears to be a Game of Thrones fan. Apparently, the malware makes reference to Daenerys Targaryen’s dragons and Grey Worm.
However, it is not yet known how far this new malware will be able to spread.
Head of Russian cyber-security firm Group-IB, Ilya Sachkov, said in some of the companies, the work has been completely paralysed – servers and workstations are encrypted.
Two of the affected sites are Interfax and Fontanka.ru.
Officials Discourage Paying the Ransom
If Bad Rabbit infects your computer, it attempts to spread across the network using a list of usernames and passwords buried inside the malware. Further, these credentials include passwords straight out of the worst passwords list.
Meanwhile, US officials said they had “received multiple reports of Bad Rabbit ransomware infections in many countries around the world”.
The US computer emergency readiness team said it “discourages individuals and organisations from paying the ransom, as this does not guarantee that access will be restored”. Vyacheslav Zakorzhevsky at Kaspersky Lab said based on their data, most of the victims targeted by these attacks are located in Russia,
“We have also seen similar but fewer attacks in Ukraine, Turkey, and Germany.”
Bad Rabbit encrypts the contents of a computer and asks for payment. In this case, it is 0.05 bitcoins, or about $280 (£213). Cyber-security firms, including Russia-based Kaspersky, have said they are monitoring the attack.
Unfortunately, the majority of anti-virus programmes cannot detect Bad Rabbit, according to a virus checking site Virus Total. Moreover, the outbreak bears similarities to the WannaCry and Petya ransomware outbreaks. These outbreaks had spread around the world causing widespread disruption earlier this year.
One security firm, Eset, has said that the malware was distributed via a bogus Adobe Flash update. Researcher Kevin Beaumont has posted a screenshot that shows Bad Rabbit creating tasks in Windows named after the dragons Drogon and Rhaegal in TV series Game of Thrones.
You need to exercise caution when browsing sites. As an added layer of protection, you can get ransomware prevention services for your device.