New wave of hacker attacks covered from four countries

Sergey Konkov  TASS

The company says most victims are in Russia, and experts think the ransomware appears to have infected devices through hacked Russian media websites. Overall, the company found nearly 200 targets, according to KSN (Kaspersky Security Network) statistics. The malicious code then uses the legitimate open-source Mimikatz tool to extract file server login credentials from the computer's memory, as the NotPetya ransomware did in June, and uses those credentials, along with some hardcoded password guesses, to worm its way through SMB shares on the network.

US cybersecurity analysts have issued a warning about a new malware attack called Bad Rabbit, which they said originated in the Russian Federation and is spreading globally.

One thing that we can discern so far is the hackers behind the attacks seem to be Game of Thrones fans, as at least four scheduled tasks within the ransomware are named after the popular series (Viserion, Drogon, Rhaegal and GrayWorm).
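
For defenders, the task names reported above can serve as a quick triage check. The following Python code is an added example, not part of the original article or any vendor's tooling: it scans a scheduled-task listing in the CSV layout produced by `schtasks /query /fo csv` for those four names. The sample listing is constructed, and tolerating a trailing digit or underscore suffix on a name is an assumption.

```python
import csv
import io
import re

# Task names reported in the article; compared case-insensitively.
REPORTED_NAMES = ("viserion", "drogon", "rhaegal", "grayworm")

# Assumption: a reported name may carry a trailing run of digits/underscores.
_PATTERN = re.compile(r"^(%s)[_\d]*$" % "|".join(REPORTED_NAMES), re.IGNORECASE)

# Constructed sample in the layout of `schtasks /query /fo csv` output.
# The header row repeats once per task folder, as it does in real output.
SAMPLE_LISTING = r'''"TaskName","Next Run Time","Status"
"\Microsoft\Windows\Defrag\ScheduledDefrag","N/A","Ready"
"TaskName","Next Run Time","Status"
"\drogon","10/24/2017 6:15:00 PM","Ready"
"\Rhaegal","N/A","Ready"
"\viserion_1","10/24/2017 6:20:00 PM","Ready"
"\DragonBackup","N/A","Ready"
"\GoogleUpdateTaskMachineCore","N/A","Ready"
'''


def find_suspect_tasks(csv_text):
    """Return (task_path, matched_name) for every task whose leaf name
    matches one of the reported names."""
    hits = []
    for row in csv.reader(io.StringIO(csv_text)):
        # Skip blank lines and the repeated header rows.
        if not row or row[0] == "TaskName":
            continue
        task_path = row[0]
        # Compare only the leaf name, so a task in a subfolder is still caught.
        leaf = task_path.rsplit("\\", 1)[-1].strip()
        match = _PATTERN.match(leaf)
        if match:
            hits.append((task_path, match.group(1).lower()))
    return hits


if __name__ == "__main__":
    for path, name in find_suspect_tasks(SAMPLE_LISTING):
        print(f"suspicious scheduled task {path!r} (matches {name!r})")
```

A match is a lead for investigation rather than proof of infection, since a task name alone can collide with legitimate software.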

Later in the day, Russian cyberforensics company Group-IB, which prevents and investigates cybercrimes, recorded cyberattacks using the BadRabbit file-encrypting virus on a number of Russian media outlets.

Preliminary analysis indicates the malware is professionally developed and incorporates a variety of advanced measures designed to allow it to rapidly infect large government and corporate networks.

Amit Serper, a malware researcher at Cybereason, said on Twitter that he'd found a way to immunize a computer against Bad Rabbit infection.

BadRabbit may also have spread to Turkey, Bulgaria and beyond, and is a variant of Diskcoder, according to researchers at ESET. Researchers have dubbed the ransomware Bad Rabbit, and initial reports suggest it is similar to the NotPetya outbreak earlier this year. According to ESET, Bad Rabbit was distributed through drive-by downloads, in which JavaScript is injected into a website's HTML body or a JS file.

Once Bad Rabbit infects a computer, it displays a message in orange letters on a black background. The ransom price will keep going up the longer a victim delays paying. But security firms and governments have asked victims not to pay the ransom, as there is no guarantee that the data will be decrypted after payment. In the NotPetya outbreak, the damage was worsened by the fact that the creators of the ransomware didn't fulfill their end of the bargain: users who paid the bitcoin ransom for NotPetya said that they never received a working decryption key for their computers. The NotPetya malware was written in a way that made recovery just about impossible, a trait that has stoked theories that the true objective of the attackers was to wipe data in an act of sabotage, as opposed to generating revenue from ransomware. Microsoft has provided some useful guidance that network administrators can follow to protect their organizations against Bad Rabbit.
