Subscribe
About
  • Home
  • /
  • Malware
  • /
  • Devastating ransomware Petya returns as 'Bad Rabbit'

Devastating ransomware Petya returns as 'Bad Rabbit'

Devastating ransomware Petya returns as "Bad Rabbit".
Devastating ransomware Petya returns as "Bad Rabbit".

Earlier this week, a ransomware variant known as Bad Rabbit appeared in Europe, affecting over 200 organisations in Russia, Ukraine, Turkey and Germany. The ransomware, bearing a striking resemblance to global cyber attack Petya, has left the fear of a new global cyber attack hovering over organisations around the world.

What is Bad Rabbit?

Although Bad Rabbit shares some similarities with WannaCry and Petya, this variant almost certainly won't reach the same propagation levels as those attacks. It has been distributed via compromised Web pages that request the user to install a false Flash Player update. Once installed, it blocks access to the computer's data and demands a ransom.

As was the case with WannaCry and Petya, Bad Rabbit ransomware encrypts the content of the computer and requires a payment for its release, in this case, 0.05 bitcoins - around R4 000.

What makes this malware more dangerous than a typical ransomware with a similar distribution is its ability to spread across the company's internal network. Panda Security's malware research facility, PandaLabs, has thoroughly analysed and categorised this threat, defining it as W32/Ransom.G.Worm. These are the primary files that it is comprised of (MD5 - file name):

fbbdc39af1139aebba4da004475e8839 - install_flash_player.exe
1d724f95c61f1055f0d02c2154bbccd3 - C:\Windows\infpub.dat
b14d8faf7f0cbcfad051cefe5f39645f - C:\Windows\dispci.exe

Its predecessor GoldenEye/Petya originally appeared to be a WannaCry-style ransomware, but an in-depth analysis revealed its authors did not really intend to release the hijacked data, but rather to completely destroy it. In this new case, however, PandaLabs verified the data is "kidnapped", and the attack is financially motivated.

Protection through a new paradigm of security

Since this attack first appeared on the night of 24 October in Europe, PandaLabs was able to issue alerts on its first attempts. By leveraging Panda Adaptive Defense technology and big data analytics, Panda Security was able to prevent Bad Rabbit's attack for all of its clients, even without the client having to install updates.

A new paradigm of security, which incorporates continuous monitoring of absolutely all running processes, as well as advanced prevention, detection and remediation capabilities, allowed Adaptive Defense to detect and block the attack before it attempted to activate itself.

Panda Security continues to position itself as the most efficient advanced cyber security provider on the market.

Share

Editorial contacts