BadRabbit Ransomware makes Fresh Wave of Attacks in Ukraine and Russia
A ransomware attack struck an international airport in Ukraine and three media outlets in Russia on October 24, 2017, before German IT experts detected it. The malware, known as "BadRabbit", appears to be the largest-scale attack since "NotPetya", which began in the same two countries before spreading to the rest of the world in July this year.
According to cyber-security specialists from the USA and Russia, the virus also hit Bulgaria and Turkey, as well as Germany. Robert Lipovsky, a researcher at the cyber-security company ESET, said the assaults were unfortunate because their perpetrators quickly infected critical infrastructure, especially transport, which suggests the campaign was well coordinated. The United States Department of Homeland Security sent out an alert about the BadRabbit ransomware, which locked up target PCs and demanded ransom payments from victims to restore access to their systems. The attacks did not appear to target any U.S. computers; still, the general public was advised against making any demanded payments and asked to report any infections to the Federal Bureau of Investigation's Internet Crime Complaint Center. Scmp.com posted this on October 25, 2017.
Initial assessment of BadRabbit shows that the malware's developers are professionally skilled and that it contains various advanced techniques for spreading its infection rapidly across the large PC networks of governments and corporations. According to a tweet by security researcher Kevin Beaumont, BadRabbit employs a legitimate, digitally signed program known as DiskCryptor to block access to victims' hard drives. Elaborating on the malware, Kaspersky Lab states that an executable file named dispci.exe appears to be derived from DiskCryptor and that BadRabbit uses it as its disk-encryption program.
Simultaneously with BadRabbit, a vulnerability in Microsoft Office's Dynamic Data Exchange was also being exploited to spread infection via malware-tainted Excel and Word files along with malicious Outlook messages. The Ukrainian Computer Emergency Response Team issued an alert to this effect, as Boyarchuk from the government of Ukraine pointed out.
It is evident that BadRabbit is either a highly targeted, state-sponsored threat or just callous malware designed to earn a profit for its perpetrators.
» SPAMfighter News - 10/30/2017