‘Bad Rabbit’ ransomware spreads in Russia and Ukraine

A new strain of malware called ‘Bad Rabbit’ was found in Ukraine and elsewhere on the 24 October 2017, according to Kaspersky Lab.

The ransomware has been targeting organisations and consumers, mostly in Russia but there have also been reports of victims in Ukraine, Turkey and Germany, according to the antivirus and internet security software company.

Kaspersky revealed the ransomware dropper was distributed with the help of drive-by attacks.While the target visits a legitimate website, a malware dropper was downloaded from the threat actor’s infrastructure. No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer.

A number of compromised websites was detected, all of which were news or media websites. Overall the company found almost 200 targets, according to KSN (Kaspersky Security Network) statistics.

Kaspersky Lab said: “We have been proactively detecting the original vector attack since it began on the morning of October 24. The attack lasted until midday, although we are still detecting ongoing attacks.

“Our observations suggest that this been a targeted attack against corporate networks, using methods similar to those used during the ExPetr attack.

“An interesting detail that we noticed when analysing the sample of this threat: it looks like the criminals behind this malware are fans of the famous books and TV show series Game Of Thrones. Some of the strings used throughout the code are the names of different characters from this series (e.g Grey Worm, Drogon).”

Written by Leah Alger