Bad Rabbit malware seeks to replicate NotPetya's success

October 25, 2017 // 9:54 a.m.

Tags: #insecurity #malware #notpetya #petya #ransomware #russia #security #ukraine #virus #worm

Security experts are warning of a new outbreak of ransomware, Bad Rabbit, targeting Russian and Ukrainian systems and seemingly based on the virulent NotPetya, though the UK's National Cyber Security Centre (NCSC) says that it has not been reported in the UK.

The NotPetya ransomware, also known by its predecessor's name Petya and PetrWrap, hit systems globally in June this year with considerable success: Within 24 hours of the malware's release it had infected 12,500 Ukrainian systems, its apparent original target, before spreading internationally across 64 countries including the UK.

Now an updated variant seems to be attempting to replicate that success. Bad Rabbit, as the new variant is known, once again began life in Ukraine and Russia, using social engineering to convince users to install what was claimed to be a security update to Adobe's Flash Player software. Once infected, a system is used to spread the malware as a worm by attacking network usernames and passwords based on an internal dictionary. In the background, meanwhile, Bad Rabbit encrypts personal files as well as the master boot record (MBR) of the infected system before popping up a demand for payment in exchange for the decryption key - a key which, if previous ransomware attacks are anything to go by, will likely never be provided whether or not payment is made.

'Organisations in Russia and Ukraine were under siege on Tuesday 24 October 2017 from Bad Rabbit, a strain of ransomware with similarities to NotPetya,' explains Sophos' Bill Brenner of the attack, in his company's announcement of the outbreak. 'By evening, the outbreak was reportedly spreading into Europe, including Turkey and Germany. Victims reported so far include airports, train stations and news agencies. Russia’s Interfax news agency reported on Twitter that the outbreak had felled some of its servers, forcing Interfax to rely on its Facebook account to deliver news.'

Brenner's advice for defensive measures against infection by Bad Rabbit, aside from the obvious plug for Sophos' anti-virus products: ditch Adobe Flash, install operating system and software patches promptly, make regular backups, and do not use your Windows machine with administrator-level privileges.

For now, though, it appears that the UK is getting off lightly. A statement from the National Cyber Security Centre (NCSC) explains: 'We are aware of a cyber incident affecting a number of countries around the world. The NCSC has not received any reports that the UK has been affected by this latest malware attack. We are monitoring the situation and working with our partners to better understand the threat.'


Discuss this in the forums

QUICK COMMENT

Competition: Win a Be Quiet! Bundle and Coolers!

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU