Warning: file_put_contents(/srv/users/serverpilot/apps/bitupdateus/public/wp-content/plugins/bulk-post-0.4-1/cache/sessions//acJY0mwvH2qVdf2fnUpZDV4Nf4Lv0IRd2BeWreea): failed to open stream: No space left on device in /srv/users/serverpilot/apps/bitupdateus/public/wp-content/plugins/stupidpie-1.8.3-1/vendor/illuminate/filesystem/Filesystem.php on line 122
  Ransomware: Bad Rabbit lurked in Watering Holes | Bit Updates
Home » bitcoin updates » Ransomware: Bad Rabbit lurked in Watering Holes

Ransomware: Bad Rabbit lurked in Watering Holes

Wednesday, October 25th, 2017 | bitcoin updates

  Ransomware: Bad Rabbit lurked in Watering Holes



          25.10.2017 19:05 UhrOlivia of Westernhagen

    (Image: Kaspersky)
              In the context of targeted campaigns, Bad Rabbit mainly targeted employees of Eastern European companies and authorities. According to media reports, the Ransomware now also spreads in Germany; the available references are however rather poor.
            The new Ransomware Bad Rabbit, which last night, inter alia, the operation of the Russian news agency Interfax, is to be distributed by means of so-called "watering-hole" attacks to employees of mainly Eastern European companies. This is the result of malware analyzes by various security software vendors. In the case of watering hole attacks, attackers infect malicious websites, which they know their target group is constantly visiting.
According to Trend Micro, Bad Rabbit compromised pages contained a script that redirected users to an alleged Flash Player installer. Kaspersky mentions that this redirect took place, among other things, on legitimate news sites. But the name does not name the manufacturer. The Ransomware itself had disguised as a flash player update called install_flash_player.exe. For the correct execution on a target computer the pest is dependent on a double-click of the user as well as on the presence of admin rights.
Interesting code parallels
Analysis of the malicious code shows that the Bad Rabbit developers have used existing Ransomware, but also the codebase of legitimate software. For example, Kaspersky published a screenshot, which identifies a code passage of Bad Rabbit and the Ransomware NotPetya as almost identical. The encryption code in the malicious code is again based on the tool DiskCryptor, a free software for the encryption of hard disks and removable media. Manufacturer ESET, which recognizes Bad Rabbit under the alias Diskcoder.D, also wants to have found out that the Ransomware uses the Metasploit tool Mimikatz for tapping login data.
A weak point in the encryption routine, which makes it possible to restore data without a ransom payment, does not appear to exist according to current knowledge. As usual, the manufacturers discourage payment. A researcher from McAfee published a list of file transmissions that encrypt Bad Rabbit.
Danger potential for German users still unclear
According to a company spokesman, ESET is certain "that Germany will also be the target in the course of the ongoing cyber attack." This suggested some experience with earlier Ransomware attacks. This assessment clearly shares many German media: their headlines read as if Bad Rabbit had already arrived in Germany. In the text they refer often to a statement of Kaspersky, which is not read in the original at all threatening. The manufacturer merely writes that most attack targets are in Russia and that he has observed similar "but less" attacks in Ukraine, Turkey and Germany.
Trend Micro also refers to targets outside Russia – Denmark, Ireland and Turkey. There, "some websites with Bad Rabbit were discovered". Concrete websites or even numbers are not mentioned here. It remains to be seen whether Bad Rabbit will become a problem in Germany.




Price increase: Monero co

In terms of anonymity of digital currencies, Monero is an old acquaintance. Its

Twenty Years "Waltz

The unusual name would have ruined almost everything. "Waltz links knit" – there

Chinese billionaire may h

             AP PhotosEs is almost unimaginable: a Chinese billionaire has apparently hidden six

The Crypto-Bloodbath - An

The last 24 hours were characterized by a crypto-bloodbath in the area of