More than 200 major organizations in Europe, most of them from Russia, Ukraine, Turkey, and Germany, were attacked in the past few hours by this new widespread ransomware.
This new Petya-like targeted ransomware, which mainly attacks corporate networks, is called Bad Rabbit.
The attackers are demanding about $285 from the victims to unlock their systems.
The ransomware was spread through drive-by download attacks, according to the initial analysis provided by Kaspersky. A fake Adobe Flash Player installer was used to lure victims into installing the malware unwittingly.
According to Kaspersky Lab, the victims had to manually execute the malware dropper, which pretends to be an Adobe Flash installer. The downloads came from different websites, most of them news or media websites.
Other researchers at ESET have detected the Bad Rabbit malware as ‘Win32/Diskcoder.D’, which is a new Petya ransomware. It uses DiskCryptor, an open source full drive encryption software, to encrypt files on infected computers with RSA 2048 keys.
After a successful attack, once the network is affected, the ransom note asks the victim to log into a Tor onion website to make a payment, giving them a 40-hour countdown before the price of decryption goes up.
Researchers are analyzing Bad Rabbit to see if there is any way to decrypt computers without paying the ransom and how to stop it from spreading further.
https://thehackernews.com/2017/10/bad-rabbit-ransomware-attack.html