Q
Problem solve Get help with specific problems with your technologies, process and projects.

Bad Rabbit ransomware: How does it compare to other variants?

Bad Rabbit ransomware mimics other recent ransomware variants, such as NotPetya. Discover the similarities and differences between the two with expert Nick Lewis.

How does the Bad Rabbit ransomware compare to other recent ransomware variants? Are there any weaknesses in Bad...

Rabbit that can enable users to recover data?

As operating systems and antimalware tools begin to include protection against ransomware, ransomware itself has evolved by including standard encryption software, such as the open source DiskCryptor. The Bad Rabbit ransomware has incorporated these improvements to make it more effective and dangerous.

Both FireEye and Kaspersky have investigated Bad Rabbit ransomware, as it is similar to the NotPetya ransomware, also known as ExPetr or EternalPetya.

Along with the standard ransomware functionality, some of the similarities between Bad Rabbit and NotPetya include checking for a specific file before infecting a system, checking the running processes on the local system looking for antimalware utilities, and performing antiforensic steps to make the investigation of an incident more difficult. Likewise, both malware authors used the same code base and reused part of the code that previously worked effectively.

On the other hand, Bad Rabbit has an additional command-line argument that can skip the credential theft and lateral movement attack aspects, but it does not include the PsExec utility bundle. These differences could have been implemented to reduce the chance of being detected, as dumping credentials and scanning systems on the network are key indicators of compromise.

Kaspersky reported that there is one potential option to recover an endpoint infected with Bad Rabbit malware, as it doesn't delete shadow copies. Therefore, if shadow copies are enabled on the endpoint, then they could be used to recover data without paying the ransom.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

This was last published in May 2018

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

How has the evolution of ransomware variants, such as ExPetr, impacted your enterprise?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close