The latest cyber attack to hit the headlines is a new piece of ransomware, which has been dubbed Bad Rabbit.
The malware hides inside an apparent update to Adobe Flash. However, clicking on the link installs the Mimikatz tool, which then scans the user’s computer for login credentials so it can spread to other machines on the network.
According to Professor Bill Buchanan at Napier University’s Cyber Academy, this is different to the last piece of high-profile ransomware, NotPetya, as it uses password harvesting to propagate itself, rather than the now infamous EternalBlue tech, developed by the NSA.
After it spreads, the malware uses DiskCryptor to encrypt specific file types, including image, audio and video files (i.e. the stuff most users will care about), before demanding a ransom of 0.05 Bitcoins (approx $280) for decryption.
While it’s not yet clear who’s behind Bad Rabbit, Business Insider reports they’re fans of Game of Thrones. The malware contains several references to the fantasy series, including Drogon, Rhaegal and GrayWorm.
According to security experts Kaspersky, Bad Rabbit has already infected several big Russian media outlets, including Interfax and Fontanka.ru. The company also reports that Odessa International Airport has reported a cyberattack on its information system, though it’s not clear whether it’s the same attack.
ZoneFox founder and CEO, Dr Jamie Graves, told DIGIT: “Currently, it’s unclear as to whether or not Bad Rabbit will be able to reap the same damage as WannaCry, but undoubtedly businesses will be holding their breath. The ransomware relies on people downloading a commonly used programme update in order to infect themselves, plus early indications showed many anti-virus systems can’t detect it. This highlights the need for a robust security posture, based on both technology and education.
“These days, companies have to assume that the padlocks they put on the corporate network won’t withstand hacker determination and cunning. They need to adopt the mindset of a stealthy threat hunter in order to put themselves on the front foot. WannaCry set the bar for how devastating ransomware can be; Bad Rabbit won’t be the last iteration of malware to try and emulate its ‘success’.”