Since October 24th, our Threat Intelligence team has been collecting news reports about a new family of ransomware that names itself "BadRabbit." This emerging threat seemingly first targeted institutions and companies in Russia and Ukraine, among them the media group Interfax, Kiev's metro system and Odessa Airport. The ransomware then spread to other countries such as Bulgaria, Poland, Germany, Turkey and Japan. Some victims are also located in the US.

Back in August 2017, the Security Service of Ukraine (SBU) had already raised concerns about a possible future cyber-attack targeting Ukrainian institutions and companies, which suggests that this attack was prepared a long time in advance.

BadRabbit is a ransomware that encrypts both the user's files and the hard drive, restricting access to the infected machine until a ransom in Bitcoin is paid to unlock it. Reverse-engineering the BadRabbit code reveals many similarities with the NotPetya ransomware; it also has spreading features over the SMB protocol. However, several elements suggest that the two campaigns do not share the same objectives:

- The delivery method differs: while NotPetya was able to execute the malicious file directly on many computers, BadRabbit compromised specific websites to deliver its payload and required user interaction.
- So far, BadRabbit has claimed some 200 victims, far fewer than the NotPetya attack affected.
- BadRabbit has been tied by security researchers to various threat actors, among them BlackEnergy, but deeper investigation will be required to confirm this.
- Sabotage aside, the motivations may not be the same.

For now, the ransom is set at 0.05 BTC (around $290) and is said to increase on a fixed timer.

The initial infection is made through an executable download: some popular websites have been compromised to trick visitors into installing a fake Flash Player update.

Once installed, the following actions occur on the infected machine:

- File encryption (the list of impacted file extensions can be found below).
- Master Boot Record (MBR) encryption, blocking the machine's boot procedure.
- Use of the common tool "Mimikatz" to harvest credentials, enabling lateral movement in the victim's network.
- BadRabbit then tries to spread through SMB using different methods.

Quick and dirty ways to prevent the payload from executing have been found by security researchers (2):

1. Create the following files: c:\windows\infpub.dat and c:\windows\cscc.dat.
2. Remove ALL the inherited permissions on the two files created above.

## What is Bad Rabbit Targeting? Impacted File Types

Bad Rabbit ransomware encrypts the following types of files:
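The two-file "vaccine" from the quick-and-dirty mitigations above, as an added, idempotent PowerShell example that is not part of the original post and not the researchers' own script. It assumes the exact paths the post quotes (C:\Windows\infpub.dat and C:\Windows\cscc.dat), must run in an elevated session because C:\Windows is not writable by standard users, and adds a check function so the state can be verified on a fleet rather than only applied.

```powershell
# Added example (not from the original post): idempotent version of the two-file
# BadRabbit vaccine described above, plus a verification function.
# Assumes the paths quoted in the post; run from an elevated PowerShell.

$VaccineFiles = @('C:\Windows\infpub.dat', 'C:\Windows\cscc.dat')

function Install-BadRabbitVaccine {
    param([string[]]$Paths = $VaccineFiles)

    foreach ($path in $Paths) {
        # Step 1: create the file if it is not already there. An empty file is
        # enough; the published trick relies on its presence, not its content.
        if (-not (Test-Path -LiteralPath $path)) {
            New-Item -ItemType File -Path $path -Force | Out-Null
        }

        # Step 2: remove ALL inherited permissions. SetAccessRuleProtection(
        # $true, $false) stops inheritance from C:\Windows and discards the
        # inherited ACEs instead of copying them, so no inherited entry remains.
        $acl = Get-Acl -LiteralPath $path
        $acl.SetAccessRuleProtection($true, $false)
        Set-Acl -LiteralPath $path -AclObject $acl
    }
}

function Test-BadRabbitVaccine {
    # Returns one record per path so the state can be audited (or fed to
    # inventory tooling) without re-applying anything.
    param([string[]]$Paths = $VaccineFiles)

    foreach ($path in $Paths) {
        $exists    = Test-Path -LiteralPath $path
        $protected = $false
        $inherited = $null
        if ($exists) {
            $acl       = Get-Acl -LiteralPath $path
            $protected = $acl.AreAccessRulesProtected
            $inherited = @($acl.Access | Where-Object { $_.IsInherited }).Count
        }
        [pscustomobject]@{
            Path               = $path
            Exists             = $exists
            InheritanceBlocked = $protected
            InheritedAceCount  = $inherited
            Vaccinated         = ($exists -and $protected -and $inherited -eq 0)
        }
    }
}

# Usage (elevated PowerShell):
#   Install-BadRabbitVaccine
#   Test-BadRabbitVaccine | Format-Table -AutoSize
```

Run `Test-BadRabbitVaccine` after installing and expect `Vaccinated` to be `True` for both paths; an `InheritedAceCount` above zero means `Set-Acl` did not take effect (typically a non-elevated session). This is preventive only: it relies on the sample checking for those file names before running, so it does nothing for a machine whose files are already being encrypted, and it does not address the credential harvesting or SMB spreading described above.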