
Caution Now: New Ransom-ware$$ Attack = BAD RABBIT

HongKanSeng

http://www.zdnet.com/article/bad-ra...riant-of-petya-is-spreading-warn-researchers/

Bad Rabbit ransomware: A new variant of Petya is spreading, warn researchers
Updated: Organisations in Russia, Ukraine and other countries have fallen victim to what is thought to be a new variant of ransomware.


By Danny Palmer | October 24, 2017 -- 16:07 GMT (00:07 GMT+08:00) | Topic: Security TV - Video Series
Bad Rabbit, a ransomware infection thought to be a new variant of Petya, has apparently hit a number of organisations in Russia and Ukraine.

In a tweet, Russian cyber security firm Group-IB said that at least three media organisations in the country have been hit by encrypting malware.

At the same time Russian news agency Interfax said its systems have been affected by a 'hacker attack'.

"Interfax Group's servers have come under a hacker attack. The technical department is taking all measures to resume news services. We apologize for inconvenience." Interfax said in a statement.

Bad Rabbit ransom note

Image: Kaspersky Lab

On Facebook, Interfax said it had been hit by a "virus" and that it is taking "technical measures" to restore systems.


Meanwhile, several Ukrainian organisations have posted about systems failing - payment systems on the Kiev Metro appear to have fallen victim, while in a statement on its Facebook page, Odessa International Airport says its information system has been hit by hackers.

"We inform that the information system of the International Airport "Odessa" suffered a hacker attack," reads a translation of the post.

CERT-UA, the Computer Emergency Response Team of Ukraine, also posted about the "possible start of a new wave of cyber attacks to Ukraine's information resources" as reports of Bad Rabbit infections started to come in.


Cybersecurity researchers at ESET are among those monitoring the attack and have identified the ransomware encrypting some computers as Diskcoder.D - a new variant of the ransomware also known as Petya, a particularly vicious form of file-encrypting malware which hit organisations around the globe in June.

ESET say the ransomware is being spread by a fake Flash update using EternalBlue - the same leaked NSA exploit which aided the spread of WannaCry and Petya. EternalBlue leverages a version of Windows' Server Message Block (SMB) networking protocol in order to spread laterally through networks.

Bad Rabbit also uses the Mimikatz tool to extract credentials from affected systems.

"ESET's telemetry has detected hundreds of occurrences of Diskcoder.D. Most of the detections are in Russia and Ukraine, however, also there are reports of computers in Turkey, Bulgaria and other countries are affected," it said.

Kaspersky Lab researchers say the cryptography behind this ransomware is called Bad Rabbit - victims are sent to a page with the same title on Tor in order to pay a ransom of 0.05 Bitcoins ($286) to get their files back. The note also features a timer counting down from just over 41 hours, telling the user they need to pay within that time or face the ransom going up.

Researchers also note that Bad Rabbit uses attack methods "similar" to June's Petya attack - but as of yet haven't confirmed a link with the previous incident, or if it has the capability to spread as widely.

A number of security vendors say their products protect against Bad Rabbit. But for those who want to be sure they don't potentially fall victim to the attack, Kaspersky Lab says users can block the execution of the files C:\Windows\infpub.dat and C:\Windows\cscc.dat in order to prevent infection.

No Macs affected? :cool:
You use MS you asked for it!

More info here on the fucking bad ass rabbit:

http://www.zdnet.com/article/bad-ra...to-know-about-the-latest-ransomware-outbreak/


Bad Rabbit: Ten things you need to know about the latest ransomware outbreak
It's the third major outbreak of the year - here's what we know so far.


By Danny Palmer | October 25, 2017 -- 10:59 GMT (18:59 GMT+08:00) | Topic: Security

Bad Rabbit ransomware is spreading.

Image: iStock
A new ransomware infection has hit a number of high profile targets in Russia and Eastern Europe.

Dubbed Bad Rabbit, the ransomware first started infecting systems on Tuesday 24th October and the way in which organisations appear to have been hit simultaneously immediately drew comparisons to this year's WannaCry and Petya epidemics.

Following the initial outbreak, there was some confusion about what exactly Bad Rabbit is, but now the initial panic has died down, it's possible to dig down into what exactly is going on.

1. The cyber attack has hit organisations across Russia and Eastern Europe

Organisations across Russia and Ukraine, as well as a small number in Germany and Turkey, have fallen victim to the ransomware. Researchers at Avast say they've also detected it in Poland and South Korea.


Russian cyber security firm Group-IB confirmed at least three media organisations in the country have been hit by file-encrypting malware, while at the same time Russian news agency Interfax said its systems have been affected by a "hacker attack" - the organisation's systems seemingly knocked offline by the incident.

Other organisations in the region including Odessa International Airport and the Kiev Metro also made statements about falling victim to a cyber attack, while CERT-UA, the Computer Emergency Response Team of Ukraine, also posted that the "possible start of a new wave of cyberattacks to Ukraine's information resources" had occurred, as reports of Bad Rabbit infections started to come in.

At the time of writing, it's thought there are almost 200 infected targets, indicating that this isn't an attack on the scale of WannaCry or Petya - but it's still causing problems for infected organisations.


"The total prevalence of known samples is quite low compared to the other "common" strains," said Jakub Kroustek, Malware Analyst at Avast.

2. It's definitely ransomware

Those unfortunate to fall victim to the attack quickly realised what had happened because ransomware isn't subtle - it presents victims with a ransom note telling them their files are "no longer accessible" and "no one will be able to recover them without our decryption service".

Bad Rabbit ransom note.

Image: ESET
Victims are directed to a Tor payment page and are presented with a countdown timer. Pay within the first 40 hours or so, they're told and the payment for decrypting files is 0.05 Bitcoins - around $285. Those who don't pay the ransom before the timer reaches zero are told it will go up and they'll have to pay more.

Bad Rabbit payment page.

Image: Kaspersky Lab
The encryption uses DiskCryptor, legitimate open source software used for full drive encryption. Keys are generated using CryptGenRandom and then protected by a hardcoded RSA 2048 public key.

3. It's based on Petya/Not Petya

If the ransom note looks familiar, that's because it's almost identical to the one victims of June's Petya outbreak saw. The similarities aren't just cosmetic either - Bad Rabbit shares behind-the-scenes similarities with Petya too.

Analysis by researchers at Crowdstrike has found that BadRabbit and NotPetya's DLL (Dynamic Link Library) share 67% of the same code, indicating the two ransomware variants are closely related, potentially even the work of the same threat actor.

4. It spreads via a fake Flash update on compromised websites

The main way Bad Rabbit spreads has been identified as drive-by downloads on hacked websites. No exploits are used; rather, visitors to compromised websites - some of which have been compromised since June - are told that they need to install a Flash update. Of course, this is no Flash update, but a dropper for the malicious install.

A compromised website asking a user to install a fake Flash update which distributes Bad Rabbit.

Image: ESET
Infected websites - mostly based in Russia, Bulgaria, and Turkey - are compromised by having JavaScript injected in their HTML body or in one of their .js files.
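The injection described in this point - extra JavaScript placed in a page's HTML body or in one of its .js files - is something a site operator can catch by comparing what the server is currently serving against a known-good snapshot. The script below is an added example for this thread, not code from ZDNet, ESET or any other vendor named above; the page markup, the `cdn.example.com` allow-list and the `static.attacker.invalid` host are constructed for illustration. It fingerprints each page as its set of external script URLs plus a SHA-256 of every inline script body, then reports anything new, flagging external sources whose host is not allow-listed.

```python
"""Spot JavaScript injected into a web page by diffing it against a known-good
baseline. Added example for this thread, not code from ZDNet or from any vendor
named above; the page markup and host names below are constructed."""
import hashlib
from html.parser import HTMLParser
from typing import Dict, List, Optional, Set
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Records every <script src=...> URL and a SHA-256 of each inline script body."""

    def __init__(self) -> None:
        super().__init__()
        self.external: Set[str] = set()
        self.inline_hashes: Set[str] = set()
        self._in_script = False
        self._buf: List[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag.lower() != "script":
            return
        src: Optional[str] = dict(attrs).get("src")
        if src:
            self.external.add(src.strip())
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data: str) -> None:
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag: str) -> None:
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._buf).strip().encode("utf-8")
            self.inline_hashes.add(hashlib.sha256(body).hexdigest())


def fingerprint(html: str) -> Dict[str, Set[str]]:
    """Summarise a page as its external script URLs and inline script hashes."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return {"external": parser.external, "inline": parser.inline_hashes}


def find_injected_scripts(baseline_html: str, current_html: str,
                          allowed_hosts: Set[str]) -> Dict[str, List[str]]:
    """Return scripts present in the current page but absent from the baseline.
    Relative src values (no host) are treated as same-origin and not reported
    as unknown hosts; any other new source must come from an allow-listed host."""
    base, cur = fingerprint(baseline_html), fingerprint(current_html)
    new_external = sorted(cur["external"] - base["external"])
    new_inline = sorted(cur["inline"] - base["inline"])
    unknown_hosts = [
        url for url in new_external
        if urlparse(url).hostname is not None
        and urlparse(url).hostname not in allowed_hosts
    ]
    return {"new_external": new_external, "new_inline": new_inline,
            "unknown_hosts": unknown_hosts}


# Constructed sample: a clean snapshot of a news page taken at deployment time...
BASELINE_HTML = """<html><head>
<script src="https://cdn.example.com/site.js"></script>
<script>window.siteConfig = {lang: "en"};</script>
</head><body><p>Latest headlines</p></body></html>"""

# ...and the same page as served later, carrying an extra inline script and a
# loader from a host the site never used (the "injected" content in this sample).
TAMPERED_HTML = BASELINE_HTML.replace(
    "</body>",
    '<script src="https://static.attacker.invalid/loader.js"></script>\n'
    '<script>document.title = "Flash update required";</script></body>')

ALLOWED_HOSTS = {"cdn.example.com"}  # constructed allow-list of legitimate script hosts

if __name__ == "__main__":
    report = find_injected_scripts(BASELINE_HTML, TAMPERED_HTML, ALLOWED_HOSTS)
    for kind, items in report.items():
        print(f"{kind}: {items}")
```

Run this periodically against a fetched copy of each public page (and against the served copy of each first-party .js file, hashed the same way) and any non-empty `unknown_hosts` or `new_inline` list is worth a look; a baseline refreshed on every legitimate deployment keeps the noise down.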

5. It can spread laterally across networks...

Much like Petya, Bad Rabbit comes with a potent trick up its sleeve in that it contains an SMB component which allows it to move laterally across an infected network and propagate without user interaction, say researchers at Cisco Talos.

What aids Bad Rabbit's ability to spread is a list of simple username and password combinations which it can exploit to brute force its way across networks. The weak passwords list consists of a number of the usual suspects for weak passwords, such as simple number combinations and 'password'.
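Guessing simple username/password combinations against many neighbouring hosts, as described in this point, leaves a distinctive trace in logon audit logs: one source workstation, a burst of failures, several different target hosts and several different account names inside a short window, sometimes followed by a success when a guess lands. The script below is an added example for this thread, not code from ZDNet, Cisco Talos or any other vendor named above; the logon records, host names and thresholds are constructed to resemble what a SIEM collects from Windows logon audit events (one line per attempt, `OK` or `FAIL`). It requires both a failure count and a distinct-target count to be met, so a user mistyping a password, or a service account with a stale password hammering one server, does not trip it.

```python
"""Flag a host that is trying simple username/password combinations against
many neighbours, the lateral-movement pattern described above. Added example
for this thread, not code from ZDNet, Cisco Talos or any other vendor named
above; the logon records below are constructed to resemble what a SIEM collects
from Windows logon audit events (one line per attempt, OK or FAIL)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class LogonEvent:
    ts: datetime
    src: str       # workstation the attempt originated from
    target: str    # host that evaluated the credentials
    user: str
    success: bool


def parse_events(text: str) -> List[LogonEvent]:
    """Parse 'timestamp source target user OK|FAIL' lines; blank lines are skipped."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        ts, src, target, user, outcome = line.split()
        events.append(LogonEvent(datetime.fromisoformat(ts), src, target, user, outcome == "OK"))
    return events


def detect_spray(events: List[LogonEvent], window: timedelta = timedelta(minutes=2),
                 min_failures: int = 5, min_targets: int = 3) -> List[Dict]:
    """One alert per source that, inside a single window, fails at least
    min_failures logons against at least min_targets distinct hosts. Each alert
    also lists successful logons from that source in the same window, which
    would mean one of the guessed passwords worked."""
    failures: Dict[str, List[LogonEvent]] = defaultdict(list)
    for e in events:
        if not e.success:
            failures[e.src].append(e)
    alerts = []
    for src, fails in failures.items():
        fails.sort(key=lambda e: e.ts)
        left = 0
        for right in range(len(fails)):
            while fails[right].ts - fails[left].ts > window:   # slide the window forward
                left += 1
            span = fails[left:right + 1]
            if len(span) >= min_failures and len({e.target for e in span}) >= min_targets:
                start, end = fails[left].ts, fails[left].ts + window
                in_window = [e for e in fails if start <= e.ts <= end]
                successes = sorted({(e.target, e.user) for e in events
                                    if e.src == src and e.success and start <= e.ts <= end})
                alerts.append({
                    "src": src,
                    "start": start,
                    "failures": len(in_window),
                    "targets": sorted({e.target for e in in_window}),
                    "users": sorted({e.user for e in in_window}),
                    "successes": successes,
                })
                break   # one alert per source is enough for triage
    return alerts


# Constructed sample log: a user mistyping once (WS-04), a backup job with a
# stale password against a single server (BACKUP01), and one workstation (WS-17)
# walking through common account names on four different hosts.
SAMPLE_LOG = """
2017-10-24T11:00:05 WS-04 FILESRV01 jsmith FAIL
2017-10-24T11:00:12 WS-04 FILESRV01 jsmith FAIL
2017-10-24T11:00:20 WS-04 FILESRV01 jsmith OK
2017-10-24T11:01:00 BACKUP01 FILESRV01 svc_backup FAIL
2017-10-24T11:01:10 BACKUP01 FILESRV01 svc_backup FAIL
2017-10-24T11:01:20 BACKUP01 FILESRV01 svc_backup FAIL
2017-10-24T11:01:30 BACKUP01 FILESRV01 svc_backup FAIL
2017-10-24T11:01:40 BACKUP01 FILESRV01 svc_backup FAIL
2017-10-24T11:01:50 BACKUP01 FILESRV01 svc_backup FAIL
2017-10-24T11:03:01 WS-17 FILESRV01 administrator FAIL
2017-10-24T11:03:02 WS-17 FILESRV01 admin FAIL
2017-10-24T11:03:04 WS-17 FILESRV02 administrator FAIL
2017-10-24T11:03:05 WS-17 FILESRV02 guest FAIL
2017-10-24T11:03:07 WS-17 HR-PC03 administrator FAIL
2017-10-24T11:03:08 WS-17 HR-PC03 user FAIL
2017-10-24T11:03:10 WS-17 HR-PC03 user OK
2017-10-24T11:03:12 WS-17 ADMIN-PC administrator FAIL
"""

if __name__ == "__main__":
    for alert in detect_spray(parse_events(SAMPLE_LOG)):
        print(alert)
```

The `successes` field is the one to act on first: a source that guessed its way onto another host is the host to isolate, and the account it used is the one whose password needs changing across the estate.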

6. ... but it doesn't use EternalBlue

When Bad Rabbit first appeared, some suggested that like WannaCry, it exploited the EternalBlue exploit to spread. However, this now doesn't appear to be the case.

"We currently have no evidence that the EternalBlue exploit is being utilized to spread the infection," Martin Lee, Technical Lead for Security Research at Talos told ZDNet.

7. It may not be indiscriminate

At this stage following the WannaCry outbreak, hundreds of thousands of systems around the world had fallen victim to ransomware. However, Bad Rabbit doesn't appear to be indiscriminately infecting targets; rather, researchers have suggested that it only infects selected targets.

"Our observations suggest that this has been a targeted attack against corporate networks," said Kaspersky Lab researchers.

Meanwhile, researchers at ESET say instructions in the script injected into infected websites "can determine if the visitor is of interest and then add content to the page" if the target is deemed suitable for infection.

However, at this stage, there's no obvious reason why media organisations and infrastructure in Russia and Ukraine have been specifically targeted in this attack.

8. It isn't clear who is behind it

At this time, it's still unknown who is distributing the ransomware or why, but the similarity to Petya has led some researchers to suggest that Bad Rabbit is by the same attack group - although that doesn't help identify the attacker or the motive either, because the perpetrator of June's epidemic has never been identified.

What marks this attack out is how it has primarily infected Russia - Eastern European cyber criminal organisations tend to avoid attacking the 'motherland', indicating this is unlikely to be a Russian group.

9. It contains Game of Thrones references

Whoever is behind Bad Rabbit, they appear to be a fan of Game of Thrones: the code contains references to Viserion, Drogon, and Rhaegal, the dragons which feature in the television series and the novels it is based on. The authors of the code are therefore not doing much to change the stereotypical image of hackers being geeks and nerds.

References to Game of Thrones dragons in the code.

Image: Kaspersky Lab

10. You can protect yourself against becoming infected by it

At this stage, it's unknown if it's possible to decrypt files locked by Bad Rabbit without giving in and paying the ransom - although researchers say that those who fall victim shouldn't pay the fee, as it will only encourage the growth of ransomware.

A number of security vendors say their products protect against Bad Rabbit. But for those who want to be sure they don't potentially fall victim to the attack, Kaspersky Lab says users can block the execution of the files C:\Windows\infpub.dat and C:\Windows\cscc.dat in order to prevent infection.

Annie one with hare brain will know this is pok kai America evil deeds