As Kaspersky Lab previously reported, the attack is aimed primarily at corporate networks. To decrypt the files, the attackers demand 0.05 bitcoin, which at the current rate is about $280, or about 16 thousand rubles.
According to ESET's virus laboratory, media outlets, transport companies and state institutions were subjected to BadRabbit (Diskcoder.D) attacks. "ESET's telemetry system is currently recording hundreds of Diskcoder.D attacks. Most ESET antivirus product detections are in Russia and Ukraine; Turkey, Bulgaria and some other countries are also affected," the message says.
Kaspersky Lab has already suggested that the BadRabbit attack may be associated with the ExPetr cyberattack (aka Petya or NotPetya). This has now been confirmed by Group-IB experts. In particular, it was found that BadRabbit is a modified version of NotPetya with the errors in the encryption algorithm fixed. The BadRabbit code includes parts that completely repeat NotPetya.
BadRabbit has a propagation module that uses the SMB protocol. It was also established that the attack uses the Mimikatz program, which intercepts logins and passwords on the infected machine.
To protect against BadRabbit, experts recommend creating the file C:\Windows\infpub.dat and setting its attribute to read-only. After that, even in case of infection, the files will not be encrypted. Of course, antivirus software and updates to the operating system and security tools must not be neglected either.
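One way to apply and verify the read-only file described above on a Windows host, as an added example that is not part of the original article. The function name `Set-MarkerFile` is hypothetical, and the script assumes an elevated PowerShell session.

```powershell
# Added example: create the read-only file recommended in the article and
# confirm the attribute took effect. Safe to re-run (idempotent).
$MarkerPath = 'C:\Windows\infpub.dat'   # path as given in the article

function Set-MarkerFile {
    param([Parameter(Mandatory)][string]$Path)

    # Writing under C:\Windows needs administrator rights.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Writing to $Path requires an elevated session."
    }

    if (Test-Path -LiteralPath $Path -PathType Container) {
        throw "$Path exists but is a directory."
    }

    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $existing = Get-Item -LiteralPath $Path -Force
        if ($existing.Length -gt 0) {
            # A non-empty file at this path was not created by this script.
            # Leave it untouched and hand the host to incident response.
            Write-Warning "$Path already exists with $($existing.Length) bytes; not modified."
            return $false
        }
    } else {
        # Create an empty file; it only needs to exist.
        New-Item -ItemType File -Path $Path | Out-Null
    }

    # Set the read-only attribute, then re-read the file to verify it.
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true
    $item = Get-Item -LiteralPath $Path -Force
    return ($item.IsReadOnly -and $item.Length -eq 0)
}

if (Set-MarkerFile -Path $MarkerPath) {
    Write-Output "$MarkerPath is present, empty and read-only."
} else {
    Write-Output "$MarkerPath was NOT set up; review the warning above."
}
```

The same check can be run periodically across a fleet to confirm the file is still present and read-only.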
Some additional details about the BadRabbit cyberattack can be found here.
- Kaspersky Lab