1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

NotPetya ransomware variant 'Bad Rabbit' is spreading fast

By midian182
Oct 25, 2017
Post New Reply
  1. It looks as if 2017 will be remembered as the year of ransomware. Following the worldwide WannaCry attacks in May and the spread of Petya/NotPetya in June, a new type of infection dubbed Bad Rabbit is now making its way through Europe.

    ESET security researchers have identified the file-encrypting software used in the new attacks as Diskcoder.D, a new variant of the NotPetya ransomware. Much like this year’s NotPetya incident, the initial wave of infections is mostly hitting Russia and Ukraine, though instances have appeared in Turkey, Germany, Bulgaria, and other countries.

    Bad Rabbit has infected at least three Russian media organizations, including newswire Interfax and news group Fontanka.ru. Ukraine’s Odessa airport, Kiev Metro, and Ministry of Infrastructure have also been affected.

    "The dangerous aspect is the fact that it was able to infect many institutions which constitute critical infrastructure in such a short timeframe," says ESET malware researcher Robert Lipovsky, "which indicates a well-coordinated attack."

    While researchers have linked Bad Rabbit to NotPetya’s creators, it isn’t spread in the same way. Victims visit booby-trapped legitimate sites, “all of which were news or media websites,” where a malware dropper—a file that launches the malware—is downloaded onto their system. The dropper appears as an Adobe Flash installer, meaning targets are essentially infecting themselves.

    ESET says the ransomware attempts to spread to computers inside the same local network as an infected machine using the Windows data sharing protocol SMB and post-exploitation tool Mimikatz.

    Bad Rabbit infects a number of file types, including the common .doc, .docx., and .jpg. Victims are asked for 0.05 Bitcoins (around $286) if they want the decryption key. A 41-hour timer counts down to the moment when the ransom price goes up. As with all forms of ransomware, paying the money is no guarantee of getting your data back.

    An early vaccine has been released for the ransomware, which should prevent infection.

    Interestingly, there are several references to TV shows and movies in Bad Rabbit’s code. Game of Thrones fans noticed the names of Daenerys Targaryen’s three dragons—Drogon, Rhaegal, and Viserion—appearing in the code, as well as the name of character Grey Worm. Additionally, the default credentials it uses to target computers include the passwords ‘love,’ ’secret,’ ’sex,’ and ‘god.’ According to classic 1995 movie Hackers, these are the four most common passwords—though in reality, the most popular is still ‘123456’.

    Permalink to story.

  2. Uncle Al

    Uncle Al TS Evangelist Posts: 5,667   +4,020

    It's getting to the point that the only way to truly rid your machine is to reformat the drive and start anew. In the future providers like UNIX, ANROID, and the MS OS will have to allow multiple installations so end users don't get burned. Of course, the conspiracy theorist may see this as the big software companies means of gaining more sales, which has yet to be proven or not proven.
  3. Squid Surprise

    Squid Surprise TS Evangelist Posts: 2,599   +1,588

    They actually DO allow multiple installations.... just not unlimited... and if your product key becomes invalid, you can always call MS and they will reactivate it for you...
    Amet Monegro, Reehahs and Tanman377 like this.
  4. lazer

    lazer TS Addict Posts: 261   +60

    And always keep at least two backups of your data, one on an external HD and one in the cloud. I also put really important info on CD's and DVD's (remember them?)

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...