A large-scale cyber attack was carried out in Russia and Ukraine on 24 October using a new cryptolocker, BadRabbit. Among the victims were Kiev Metro's computers and servers, the Ministry of Infrastructure and Odessa International Airport, as well as a number of Russian Federation state organizations. In the Russian Federation, federal news sites and commercial organizations were also among the victims.
The Bad Rabbit ransomware is the third major assault of its kind in 2017, with the memory of WannaCry and NotPetya still fresh in our minds. Several security firms have already disclosed evidence of a link between the Bad Rabbit ransomware and the NotPetya ransomware. Nevertheless, this time around, the cyber-espionage group called Telebots is spreading the ransomware through fake Adobe Flash Player updates, as opposed to leveraging the NSA-discovered vulnerability that was exploited in the NotPetya attack.
In reality, Bad Rabbit is a little harder to pull off, because it requires the victim to grant administrative access in order to run malicious code disguised as an Adobe Flash installer.
To be infected with the ransomware, you must first land on a compromised site. There, a popup appears on the page asking you to download an update for Adobe Flash Player. The following sites were among them:
- http://www.fontanka[.]ru
- http://argumenti[.]ru
- http://argumentiru[.]com
The brackets [] are added to defang the URLs. Don't click the links.
As reported by group-ib.com (Technical Analysis):
At first glance, the attack seems to be primarily financially driven. The attackers used bulletproof hosting from Inferno. On March 22, 2016, the domain name 1dnscontrol.com was registered, and it is still being renewed. This site is associated with a number of malicious domains, which date back to 2011:
- webcheck01.net
- webdefense1.net
- secure-check.host
- firewebmail.com
- secureinbox.email
- secure-dns1.net
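The compromised news sites and the attacker infrastructure above are the indicators a defender would actually hunt for. The following script is an added example, not code from the original post or from Group-IB: it refangs the bracketed notation used above, reduces each indicator to a host name, and then matches DNS query logs against those hosts, treating subdomains as hits while avoiding the common mistake of matching a name that merely ends with the same characters (e.g. notsecure-dns1.net). The log format and every log line are constructed for the example; the indicator list is taken from the post.

```python
import re
from typing import Iterable, List, Tuple

# Indicators taken from the post above. The bracketed form is the defanged
# notation the post uses; the bare domains come from the Group-IB excerpt.
DEFANGED_IOCS = [
    "http://www.fontanka[.]ru",
    "http://argumenti[.]ru",
    "http://argumentiru[.]com",
    "1dnscontrol.com",
    "webcheck01.net",
    "webdefense1.net",
    "secure-check.host",
    "firewebmail.com",
    "secureinbox.email",
    "secure-dns1.net",
]


def refang(indicator: str) -> str:
    """Undo the usual defanging tricks so an indicator can be compared with real data."""
    s = indicator.strip()
    s = s.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
    s = re.sub(r"^hxxp", "http", s, flags=re.I)
    return s


def defang(domain: str) -> str:
    """Inverse of refang for a bare domain, so matches can be reported safely."""
    return domain.replace(".", "[.]")


def indicator_domain(indicator: str) -> str:
    """Extract the lower-cased host part from a refanged URL or bare domain."""
    s = refang(indicator)
    s = re.sub(r"^[a-z]+://", "", s, flags=re.I)
    host = s.split("/", 1)[0].split(":", 1)[0]
    return host.lower().rstrip(".")


def domain_matches(query: str, ioc_domain: str) -> bool:
    """True if the queried name equals the IoC domain or is a subdomain of it.

    The leading dot in the suffix check is what stops 'notsecure-dns1.net'
    from matching the IoC 'secure-dns1.net'.
    """
    q = query.lower().rstrip(".")
    return q == ioc_domain or q.endswith("." + ioc_domain)


def scan_dns_log(lines: Iterable[str], iocs=DEFANGED_IOCS) -> List[Tuple[int, str, str]]:
    """Return (line_no, queried_name, matched_ioc_domain) for every matching line.

    Assumed (constructed) log format: '<timestamp> <client-ip> query <name>'.
    """
    ioc_domains = [indicator_domain(i) for i in iocs]
    hits = []
    for n, line in enumerate(lines, 1):
        m = re.search(r"\bquery\s+(\S+)", line)
        if not m:
            continue
        qname = m.group(1)
        for d in ioc_domains:
            if domain_matches(qname, d):
                hits.append((n, qname, d))
                break
    return hits


# Constructed sample log: one benign query, two direct hits, one subdomain hit,
# one look-alike that must NOT match, and one hit with trailing dot and caps.
SAMPLE_LOG = [
    "2017-10-24T10:01:02Z 10.0.0.5 query www.example.org",
    "2017-10-24T10:01:09Z 10.0.0.5 query 1dnscontrol.com",
    "2017-10-24T10:02:15Z 10.0.0.7 query cdn.secure-check.host",
    "2017-10-24T10:02:40Z 10.0.0.9 query notsecure-dns1.net",
    "2017-10-24T10:03:01Z 10.0.0.9 query WEBCHECK01.NET.",
]

if __name__ == "__main__":
    for line_no, qname, ioc in scan_dns_log(SAMPLE_LOG):
        # Report the indicator defanged so the output itself is safe to paste around.
        print(f"line {line_no}: {qname} matched {defang(ioc)}")
```

Note that the three news sites are legitimate, high-traffic domains that were compromised for a period; a hit on them is a much weaker signal than a hit on the attacker-registered infrastructure, so in practice the two groups would be scored differently rather than mixed into one list as they are here for brevity.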
The encryption algorithm has been changed, yet in parts it is identical to that of NotPetya: