The slew of ransomware cyber attacks being unleashed on countries around the globe continues, and the newest one to be identified is the BadRabbit ransomware.
The latest reports suggest that a major share of the attack is focused on Russia, though other nations are also threatened by it.
The first sign of the ransomware was identified by security experts from the United States who issued an official warning to suggest that Russia and Ukraine, in addition to a couple of other countries, should tighten up their security to avoid an attack from this ransomware.
Cybersecurity experts who managed to trace the origin of the malware confirmed that this time the hackers have disguised it as a popular software program.
When a person is leisurely browsing the internet at home or working in their office, the BadRabbit ransomware will pop up randomly. It doesn’t showcase itself as a different software or slow down the PC. Instead, the virus is distributed as an Adobe Flash update.
Whenever an individual receives a simple update notification on their PC, especially from a company as popular as Adobe, they are bound to click on it and allow it access. Many people use the Adobe Creative Suite—including Photoshop, Premiere Pro and InDesign—on a daily basis for both work and personal projects.
As soon as you click on the notification and start the presumed update, the BadRabbit ransomware will gain instant access to your PC’s registry keys and the entire operating system. The ransomware will encrypt and take control of all the data stored on the computer, demanding a ransom to be paid in order to get access to the decryption key.
Cyber security experts confirmed that the attack was primarily targeted at Russian companies and media outlets, as well as Ukrainian transportation systems. However, traces of the malware were also spotted in other parts of the globe, including countries like Japan and Germany.
When the U.S. Computer Emergency Readiness Team (CERT) first spotted the BadRabbit ransomware, the department released a statement saying it had received multiple ransomware infection reports from different countries around the world.
Apart from delayed flights in Ukraine and operations being impacted at Russian media firms, no major outage had been reported so far as a result of the ransomware outbreak. This comes as a welcome relief to the authorities.
Ransomware outbreaks have become a very common occurrence these days with hackers making use of the information they gain to threaten companies and individuals. Previous instances include WannaCry and Petya/NotPetya, which affected a huge number of government offices, corporate companies and hospitals on a large scale worldwide.
Cyber security experts who had the opportunity to study the BadRabbit ransomware suggest that victims should refrain from paying the ransom because there is no guarantee the hackers would give back the files they took in the first place.
Interfax, a Moscow-headquartered news agency, reported that their servers had gone down because of the attack. Fontanka, another news outlet in Russia, was also hit with the ransomware.
The pattern allowed experts to confirm that the hackers were primarily targeting news firms for some reason—maybe because they want to get the attention of the government to get their ransom paid quickly.
Some reports come from Germany and Japan, but the number of affected parties is far lower than in Russia and Ukraine.
Interestingly, Cisco Talos security researchers have discovered that whoever is behind the spread of the BadRabbit ransomware appears to have used a tool that was allegedly developed by the U.S. National Security Agency (NSA).
The tool, called EternalRomance, was leaked online back in April. It exploits a Microsoft vulnerability that the company patched before EternalRomance was leaked. But the tool can still be used against outdated versions of Windows operating systems.
The hackers now have access to large amounts of sensitive data and files stored on the servers, which may force the affected companies to pay upfront rather than heeding the advice of the security agents.
Experts suggest that there are clear threads that link the BadRabbit ransomware with previous attacks such as NotPetya, which led to large amounts in ransom being paid so as to gain access to crucial data.
However, the newest ransomware is not on such a massive scale, and as U.S. security experts identified it much earlier, BadRabbit is bound to have very little long-term effect on the victims involved.