CATEGORIES
home News

Bad Rabbit Ransomware Sweeps Across Europe And Russia Infecting Media Outlets, Airports

by Shane McGlaunWednesday, October 25, 2017, 07:40 AM EDT

This has been a bad year for wide-scale ransomware attacks, where malware encrypt a user's computer and demands payment to unlock the machine. The two major ransomware attacks that have happened in 2017 include WannaCry and ExPetr (or Petya and NotPetya as they were also called). The hackers behind WannaCry cashed out their bitcoin ransom in August netting about $143,000. The year is almost over, but another major ransomware attack is underway and it is called Bad Rabbit.

badrabbit

Kaspersky says that Bad Rabbit has infected several major Russian media outlets with Interfax and Fontanka.ru news agencies being among the first confirmed victims. Odessa International Airport has also reportedly stated it has been victim of a cyber attack, but at this time it's unclear if Bad Rabbit is the source of that attack.

Once a machine is infected, the ransom note associated with Bad Rabbit is asking for a ransom of 0.05 bitcoin, which is about $280 at the current exchange rate. Perhaps the most nerve racking part about Bad Rabbit, according to Kaspersky, is that it doesn't attack using exploits.

Kaspersky's Alex Perekalin writes, "According to our findings, the attack doesn’t use exploits. It is a drive-by attack: Victims download a fake Adobe Flash installer from infected websites and manually launch the .exe file, thus infecting themselves. Our researchers have detected a number of compromised websites, all news or media sites."

That means all you need to do is visit the infected websites and your machine could be infected. It's not clear at this time if it's possible to get the encrypted files back either by paying the ransom or by exploiting some glitch in the ransomware code to unencrypt the files. Kaspersky Labs notes that it is currently investigating the ransomware and will post more information as it's available.

Perekalin writes, "According to our data, most of the victims of these attacks are located in Russia. We have also seen similar but fewer attacks in Ukraine, Turkey, and Germany. This ransomware has infected devices through a number of hacked Russian media websites. Based on our investigation, this is a targeted attack against corporate networks, using methods similar to those used in the ExPetr attack. However, we cannot confirm it is related to ExPetr."

Kaspersky Labs says that to help prevent infection you can block the execution of files c:\windows\infpub.dat and c:\windows\cscc.dat. You can also disable WMI service to prevent malware from spreading across a network. 

Tags:  Malware, Kaspersky, Ransomware, bad rabbit
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment