A ransomware attack called Bad Rabbit, potentially a new Petya malware variant, has spread from Russia and the Ukraine to countries worldwide -- including the United States. Cybereason, meanwhile, claims it has discovered a vaccine for Bad Rabbit.
The U.S. Department of Homeland Security issued a warning about Bad Rabbit on Tuesday, stating:
"US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware."
To combat the threat, DHS told IT professionals to review US-CERT Alerts TA16-181A and TA17-132A, each of which describe recent ransomware events. The organization also asked victims to report ransomware incidents to the Internet Crime Complaint Center (IC3).
Bad Rabbit: Latest Updates
Updated 6:58 a.m. ET Wednesday, October 25: A Massachusetts researcher, apparently from Cybereason, says he has a vaccine to protect customers from Bad Rabbit. However, MSSP Alert has not independently confirmed whether the vaccine is legitimate.
Updated 6:54 a.m. ET, Wednesday, October 25: Avast, the anti-virus security company, says Bad Rabbit has now spread to the United States, though details about specific attacks are hard to come by.
The ransomware masqueraded as an update to Adobe Systems's Flash, and once downloaded it attempted to spread within victims’ networks, according to The Wall Street Journal. The attacks "do not utilize any legitimate Flash Player updates nor are they associated with any known Adobe product vulnerabilities,” an Adobe spokeswoman told The Journal.
Updated Tuesday, October 24: Early victims apparently include the Interfax news service. According to an October 24 message on the Interfax site:
"Interfax news services not available due to hacker attack
*** Interfax Group‘s servers have come under a hacker attack. The technical department is taking all measures to resume news services. We apologize for inconvenience."
The malware has also affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev, according to BBC. Bad Rabbit encrypts the contents of a computer and asks for a payment of 0.05 bitcoins, or about $280 (£213), according to the report.
Bad Rabbit: A New Petya Malware Variant?
Bad Rabbit appears to be a Petya ransomware variant. Petya spread earlier this year, hitting major companies like Merck and FedEx. Some of FedEx's data was not recoverable, and the attack likely caused material financial impact, the package shipping company said in July. Petya likely caused millions in damages at Merck as well, according to recent third-party estimates.
Stay tuned to MSSP Alert for ongoing Bad Rabbit updates.