The name Bad Rabbit will be remembered for quite some time in the cyber arena: it will be mentioned among such notorious examples like WannaCry and Locky. Of course, NotPetya’s virus is the most adequate to refer to while speaking of Bad Rabbit, its origin and possible cyber criminals behind it.
Background information about the Bad Rabbit ransomware virus
On 24th of October, the first reports about a new major crypto-malware outbreak reached security researchers. Eastern Europe and Russia feared while the new threat approached, gradually spreading into United States and South Korea.
Researchers were quick to create links between the new Bad Rabbit and NotPetya: even without the technical analysis, it was evident that the screen-locker victims reported was freakishly similar to the ransomware that broke out in June of 2017. Furthermore, it could have not been a random coincidence that the new ransomware would also target Ukraine.
Reasons to believe NotPetya and Bad Rabbit viruses are created by the same people
The more time passed after the first detections of Bad Rabbit file-encryptor, the number of researchers, supporting the links between NotPetya and Bad Rabbit, significantly increased. While at it first it was assumed that this could have easily been a very brilliant copycat, specialists were more eager to assume that TeleBots were behind both of these global campaigns.
For those who are not aware of the TeleBots hackers, let us refresh you memory. It is a group of cyber criminals that are constantly harassing Ukraine and its institutions. Some would argue: why is Russia the main target of Bad Rabbit malware? It is true that the amount of successful infections is the biggest in Russia. However, the victims of Ukraine are “bigger fishes to fry” as the infection slithered into government institutions, airports, metro systems and other important utilities.
Researchers believe that authors of Bad Rabbit infection took several months to prepare for the attack. They had to inject malicious JavaScripts into websites (to display Flash Player Update) and use it for the distribution of their products.
With a massive global outbreak such as this, it is natural that people begin to speculate all of the possibilities. The natural reason is the desire to acquire money from this vicious virus: no one can argue this. Nevertheless, security researchers are looking at a bigger picture and speculating that maybe the global ransomware attack was just a distraction for a more frightening attack? We can only hope for the best and recommend backup storages. Upload valuable digital information into these utilities and ransomware will no longer be a threat.
Source: threatpost.com.