It has been a year of ransomware, and cybersecurity agencies and anti-malware companies across the globe have not managed to avert the attacks. Those agencies cannot be blamed directly: attackers take advantage of users' lack of computer literacy. Antivirus vendors and security agencies keep advising people to use software and services only from verified sources, yet internet users are still easily targeted through phishing, man-in-the-middle attacks and spam calls and emails. Ethical hackers point out that in most cases the victims either failed to check that a domain name was genuine or downloaded fake software from an unverified source.
We have already seen two large-scale ransomware attacks this year. WannaCry and Petya created panic worldwide and forced governments across the globe to issue public advisories. Now the Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a threat alert for the third large-scale ransomware attack of the year. The new malware is called Bad Rabbit, the name the attackers themselves use on their payment site on the darknet.
Security researchers report that Bad Rabbit has infected several big Russian media outlets, with the Interfax news agency and Fontanka.ru among the confirmed victims. Odessa International Airport in Ukraine has also reported a cyber attack on its information system, though whether it is the same attack is not yet clear.
CERT-In has issued a medium-severity alert for Bad Rabbit, a ransomware that has spread in Ukraine, Bulgaria, Turkey and Japan, with the majority of its targets in Russia. The ransomware infects a machine by posing as an Adobe Flash Player installer. Once running, it spreads across the local network over open Server Message Block (SMB) shares, trying a hardcoded list of usernames and passwords against other machines and dropping the malware on every one it can log into.
According to Cisco Talos, the fake Adobe Flash Player installer was delivered as a drive-by download; the victim still had to run the downloaded file for the system to be compromised. The sites seen redirecting visitors to Bad Rabbit were a variety of compromised websites in Russia, Bulgaria and Turkey. When users visited one of them, they were redirected to 1dnscontrol[.]com, the site that hosted the malicious file. That site has since been taken down. Talos says Bad Rabbit shares code with the Petya ransomware.
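The two behaviours described above, the redirect to the download site and the credential-list walk over SMB, are both things a defender can hunt for in logs they already collect. The script below is an added example written for this page, not code from the article, CERT-In or Talos. It runs two checks over constructed sample logs embedded in the file: proxy requests are flagged when they hit the one indicator the article gives, 1dnscontrol[.]com, or when an executable whose name mentions Flash is fetched from a host outside adobe.com; Windows logon-failure events are flagged when one source tries many distinct accounts over network logons, which is what a hardcoded credential list looks like from the victim side. The log formats, IP addresses, filenames, usernames, the adobe.com allow-list and the threshold of four accounts are all assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# The one indicator the article gives, kept defanged so this file never holds a live link.
IOC_DOMAINS = {"1dnscontrol[.]com"}

# Assumption: hosts under these domains are the only legitimate source of Flash installers.
TRUSTED_INSTALLER_DOMAINS = ("adobe.com",)

# Constructed proxy log (not real traffic): "<epoch> <client> <method> <url> <status>"
PROXY_LOG = """\
1508926001.123 10.0.0.15 GET http://news.example.ru/index.html 200
1508926002.456 10.0.0.15 GET http://1dnscontrol.com/flash_install.php 302
1508926003.789 10.0.0.15 GET http://1dnscontrol.com/install_flash_player.exe 200
1508926010.000 10.0.0.22 GET http://fpdownload.adobe.com/get/flashplayer/install_flash_player.exe 200
1508926015.000 10.0.0.40 GET http://cdn.example.net/update/flashplayer_update.exe 200
1508926020.000 10.0.0.31 GET http://cdn.example.com/jquery.min.js 200
"""

# Constructed Windows logon-failure events (ID 4625), flattened to one line each.
# Logon type 3 is a network logon, which is what access to an SMB share produces.
AUTH_LOG = """\
4625 src=10.0.0.15 user=Administrator logon_type=3 target=FILESRV01
4625 src=10.0.0.15 user=Admin logon_type=3 target=FILESRV01
4625 src=10.0.0.15 user=root logon_type=3 target=FILESRV01
4625 src=10.0.0.15 user=guest logon_type=3 target=FILESRV01
4625 src=10.0.0.15 user=backup logon_type=3 target=FILESRV01
4625 src=10.0.0.22 user=jsmith logon_type=3 target=FILESRV01
4625 src=10.0.0.22 user=jsmith logon_type=3 target=FILESRV01
4625 src=10.0.0.50 user=alice logon_type=2 target=WS-ALICE
"""

EVENT_RE = re.compile(r"^(?P<id>\d+) src=(?P<src>\S+) user=(?P<user>\S+) logon_type=(?P<lt>\d+)")


def refang(domain: str) -> str:
    """Turn a defanged indicator such as 1dnscontrol[.]com back into a matchable name."""
    return domain.replace("[.]", ".").lower()


def host_under(host: str, domains) -> bool:
    """True if host equals one of the domains or is a subdomain of it."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in map(refang, domains))


def looks_like_fake_flash_installer(url: str) -> bool:
    """Heuristic: an .exe whose name mentions Flash, fetched from a non-Adobe host."""
    parsed = urlparse(url)
    name = parsed.path.rsplit("/", 1)[-1].lower()
    if "flash" not in name or not name.endswith(".exe"):
        return False
    return not host_under(parsed.hostname or "", TRUSTED_INSTALLER_DOMAINS)


def scan_proxy_log(log_text: str):
    """Return (client, reason, url) for every request that hits an IOC domain or
    looks like a Flash installer served from somewhere other than Adobe."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than crash mid-hunt
        _ts, client, _method, url, _status = parts
        host = urlparse(url).hostname or ""
        if host_under(host, IOC_DOMAINS):
            hits.append((client, "ioc_domain", url))
        elif looks_like_fake_flash_installer(url):
            hits.append((client, "fake_flash_installer", url))
    return hits


def find_credential_spray(log_text: str, threshold: int = 4):
    """Map source IP -> sorted usernames for sources whose failed network logons
    tried at least `threshold` distinct accounts: the pattern a hardcoded
    credential list produces as the malware walks the network."""
    users_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m or m.group("id") != "4625" or m.group("lt") != "3":
            continue
        users_by_src[m.group("src")].add(m.group("user"))
    return {src: sorted(u) for src, u in users_by_src.items() if len(u) >= threshold}


if __name__ == "__main__":
    for client, reason, url in scan_proxy_log(PROXY_LOG):
        print(f"[proxy] {client} {reason}: {url}")
    for src, users in find_credential_spray(AUTH_LOG).items():
        print(f"[auth]  {src} tried {len(users)} accounts over SMB: {', '.join(users)}")
```

On the sample data the proxy check reports the two requests from 10.0.0.15 to the indicator domain and the Flash-named executable fetched by 10.0.0.40 from a non-Adobe CDN, while the genuine Adobe download is left alone; the logon check reports only 10.0.0.15, which failed against five different accounts on the same file server. The threshold exists because a single user mistyping a password also produces type 3 failures; raise it to suit the noise level of your own environment.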
According to research by ESET, 65 percent of the affected systems were in Russia, and only 2.4 percent of the infections occurred outside Russia, Ukraine, Turkey, Bulgaria or Japan. Many of the systems were hit at the same time, which suggests the attackers already had a foothold inside the affected companies. Systems in India are also at risk. I personally got to know about Bad Rabbit at my bank. The IT division of State Bank of India has informed all its employees about the spread of Bad Rabbit to avert any leak of vital information.
The criminals behind the Bad Rabbit attack are demanding 0.05 bitcoin as ransom, roughly Rs 18,200 at the current exchange rate. Whether files encrypted by Bad Rabbit can be recovered, either by paying the ransom or by exploiting a flaw in the ransomware's code, is not yet known. If your system is hit, do not hand over payment details or any other vital information to the criminals. Be Cautious!
– Chaitanya Kulkarni