By: Carolyn Crandall

When my kids were little, I used to read them “Pat the Bunny,” a “touch and feel” book where they could feel the fur of a rabbit (fake), or sandpaper that represented dad’s scratchy face in the morning. As we have learned in the last couple of weeks, however, not all bunnies are cute and snuggly.

The latest ransomware to emerge onto the world scene is Bad Rabbit. This threat contains 67 percent of the same code as NotPetya’s DLL, suggesting that the two malware variants may have originated from the same threat actor.
Some of the big companies hit by the NotPetya malware in late June have reported losing hundreds of millions of dollars due to the cyberattack.
The NotPetya malware outbreak affected tens of thousands of systems in more than 65 countries, including ones belonging to major organizations such as Rosneft, AP Moller-Maersk, Merck, FedEx, Mondelez International, Nuance Communications, Reckitt Benckiser and Saint-Gobain. Many of the victims were located in Ukraine, the home of a tax software firm whose product was used as the main attack vector.
Researchers initially believed NotPetya (aka PetrWrap, exPetr, GoldenEye and Diskcoder.C) was a piece of ransomware, similar to WannaCry. However, a closer analysis revealed that it was actually a wiper and it was unlikely that victims could recover their files, even if they paid the ransom.
Ukraine’s government, National Bank, its transportation services and largest power companies are bearing the brunt of what appears to be a massive ransomware outbreak that’s fast spreading across the world and hitting a significant number of critical infrastructure providers.
Whispers of WannaCry abound, though some security experts said on Tuesday that a different breed, named Petya, was to blame. “[We’re seeing] several thousands of infection attempts at the moment, comparable in size to WannaCry’s first hours,” said Kaspersky Lab’s Costin Raiu, who added that the infections are occurring in many different countries. Another firm, BitDefender, said it believed a similar strain called GoldenEye was responsible. Later, security firms, including Kaspersky and Avast, said the malware responsible was actually an entirely new ransomware that had borrowed Petya code.