Bad Rabbit

Bad Rabbit is a ransomware from the year 2017 . The target were mainly Eastern European companies and authorities . Bad Rabbit later spread to other countries.

technology

Bad Rabbit was spread using so-called watering hole attacks , in which web pages that are regularly accessed by the target group are infected with malware that installs itself on the visitor's computer when the page is accessed . In the Bad Rabbit attack, the infected pages contained a script that redirected users to an alleged Flash player installer camouflaged by the filename install_flash_player.exe . Administrator rights of the website visitor for their own computer were required to execute this . After infection with Bad Rabbit were data of the hard disk encrypted. A ransom of 0.05 Bitcoins should be paid for activation , which was equivalent to 280 US dollars in October 2017 . This method is compared to WannaCry and Petya .

Kaspersky found that Bad Rabbit used code passages from other malware, such as the Petya ransomware . The encryption is based on the free software for encrypting hard disks and removable media, DiskCryptor . The Metasploit tool Mimikatz was used to access login data .

history

The main target of the attacks was initially the employees of Eastern European companies and authorities. On October 24, 2017, the Russian news agency Interfax was paralyzed by Bad Rabbit . Odessa Airport in Ukraine , the Kiev Metro , the Ministry of Infrastructure Ukraine and the news portal Fontanka.ru were also affected . Attacks have also been registered in Russia , Ukraine, Turkey , Poland , Denmark , Ireland , Japan , South Korea , the United States and Germany .

Individual evidence

↑ ^a ^b ^c ^d heise Security: Ransomware: Bad Rabbit lurked in watering holes. Retrieved October 30, 2017 .
↑ ^a ^b ^c Kaspersky Lab: Bad Rabbit: A new wave of ransomware is coming. Retrieved October 30, 2017 .
↑ BadRabbit: Ransomware is holding your data hostage! In: computerbild.de . ( computerbild.de [accessed October 30, 2017]).
↑ Alex Hern: Bad Rabbit: Game of Thrones-referencing ransomware hits Europe . In: The Guardian . October 25, 2017, ISSN 0261-3077 ( theguardian.com [accessed October 30, 2017]).
^ Editor CHIP / DPA: Bad Rabbit: First cases of the attack wave in Germany . In: CHIP Online . ( chip.de [accessed October 30, 2017]).
↑ Selena Larson: New ransomware attack hits Russia and spreads around globe . In: CNNMoney . ( cnn.com [accessed October 30, 2017]).

[:0-1] se Security: Ransomware: Bad Rabbit lurked in watering holes. Retrieved October 30, 2017 .

[:1-2] Kaspersky Lab: Bad Rabbit: A new wave of ransomware is coming. Retrieved October 30, 2017 .

[3] BadRabbit: Ransomware is holding your data hostage! In: computerbild.de . ( computerbild.de [accessed October 30, 2017]).

[4] Alex Hern: Bad Rabbit: Game of Thrones-referencing ransomware hits Europe . In: The Guardian . October 25, 2017, ISSN 0261-3077 ( theguardian.com [accessed October 30, 2017]).

[5] Editor CHIP / DPA: Bad Rabbit: First cases of the attack wave in Germany . In: CHIP Online . ( chip.de [accessed October 30, 2017]).

[6] Selena Larson: New ransomware attack hits Russia and spreads around globe . In: CNNMoney . ( cnn.com [accessed October 30, 2017]).