Bad Rabbit crypto ware attack: New virus hitscompanies in Russia, Turkey, Germany & Ukraine
© Kaspersky Lab
Another worldwide digital infection assault started on Tuesday and focused on corporate systems for the most part in Russia, Cybersecurity Company Kaspersky Lab said. Various organizations in Germany, Turkey, and Ukraine have been influenced on a littler scale.
“Our perceptions demonstrate that most of the assault’s casualties are situated in Russia. We’re additionally enrolling comparative assaults in Ukraine, Turkey, and Germany, however on a significantly littler scale. The malware spreads through various bargained sites of Russian media outlets,” the organization said in its blog.
The new infection gives off an impression of being named ‘BadRabbit,’ as indicated by a darknet page where the subtle elements on recover for the encoded documents were posted. The underlying payoff is 0.05 Bitcoin ($300), however the infection includes a clock and guarantees to raise the cost if the payment isn’t paid in time.
© Kaspersky Lab
Bad Rabbit cryptoware attack: New virus
The attacks were reported by the Interfax news agency and Fontanka.ru news outlet, as well as by the subway system in the Ukrainian capital, Kiev, and the airport of Odessa. The new cryptoware appears to be deliberately targeting corporate networks, according to Kaspersky Lab.
“Algorithms similar to the ExPetr attack are being used, but we cannot confirm links to ExPetr. We’re still studying the situation,” Kaspersky Lab stated, referring to a major cryptoware attack which hit a number of companies in Russia and Ukraine back in June.
Kaspersky Lab advised those who do not use anti-virus products to restrict execution of certain files (C:\Windows\infpub.dat, C:\Windows\cscc.dat) and shut down the Windows Management Instrumentation (WMI) service.
“In 2017 two major cryptoware epidemics have been registered – we’re talking about the notorious WannaCry and ExPetr (also known as Petya and NotPetya), and now the third one appears to begin,”Kaspersky Lab said.
The WannaCry attack occurred in May and affected up to 300,000 people in more than 150 countries, infecting a number of major companies and institutions, such as the UK’s National Health Service (NHS) and Spanish telecommunications firm Telefonica.
The source of the attack remained undetermined, but earlier this month the head of Microsoft, Brad Smith, pinned the blame for it on North Korea, which allegedly used cyber tools or weapons that were stolen from the National Security Agency in the United States. The top executive, however, did not provide evidence to back his claims.
The Petya family ransomware attack followed WannaCry in June, affecting government and private networks and metro systems in Ukraine. A number of companies were also affected worldwide.
The US government has issued a warning on the BadRabbit attack, urging users not to utilize the unsupported and outdated software. According to the US Computer Emergency readiness team (US-CERT), the virus might be a new variant of the Petya family ransomware.
“US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world,” US-CERT said in a statement, adding, that it “discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored.”
© Kaspersky Lab