New ransomware called White Rabbit discovered, linked to the notorious FIN8 hacker group

A new family of ransomware called White Rabbit has just been discovered by researchers. According to the research, this ransomware may be a side operation of the notorious FIN8 hacker group.

FIN8 is a financially motivated group that usually targets financial institutions. Over the past few years, FIN8's main attack method has been deploying point-of-sale (POS) malware to steal payment card data.


In December 2021, Trend Micro researchers obtained a sample of White Rabbit when it was used in an attack on a bank in the US. The ransomware executable is a small payload, about 100 KB in size, and it will not run without a password: the password supplied on the command line is needed to decrypt the internal configuration before the payload executes.

This password-protection technique has been used before in ransomware families such as Egregor, MegaCortex, and SamSam. It hampers analysis: without the password, the sample does nothing in a sandbox and yields no useful behaviour to analysts.

Once the correct password is supplied, the ransomware runs, scans all folders on the device, encrypts the files it targets, and drops a separate ransom note next to each file it encrypts.

Example: a file named test.txt is encrypted as test.txt.scrypt, and a ransom note named test.txt.scrypt.txt is created beside it.

When encrypting a device, removable drives and network shares are attacked as well. Windows system files are skipped so the operating system is not damaged and the victim can still read the ransom note.
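The per-file naming scheme described above (a `.scrypt` encrypted file plus a `.scrypt.txt` note beside it) is a cheap triage indicator for a responder. The following Python script is an added example, not code from the article or from Trend Micro: it walks a directory tree, pairs encrypted files with their notes, recovers the original file names, and flags notes that have no encrypted partner (which can indicate an interrupted run). The sample tree it builds is constructed for the demonstration and the threshold in `is_likely_infected` is an assumption, not a published detection rule.

```python
import os
import tempfile
from pathlib import Path

# Naming convention reported for White Rabbit:
#   test.txt -> test.txt.scrypt      (encrypted file)
#            -> test.txt.scrypt.txt  (per-file ransom note)
ENCRYPTED_SUFFIX = ".scrypt"
NOTE_SUFFIX = ".scrypt.txt"


def classify(path):
    """Return ("note", original) or ("encrypted", original) for a
    White Rabbit-style file name, or None for anything else."""
    name = Path(path).name
    if name.endswith(NOTE_SUFFIX):          # check the longer suffix first
        return "note", name[: -len(NOTE_SUFFIX)]
    if name.endswith(ENCRYPTED_SUFFIX):
        return "encrypted", name[: -len(ENCRYPTED_SUFFIX)]
    return None


def scan(root):
    """Walk `root` and pair encrypted files with their ransom notes.

    Keys of the returned maps are the recovered original paths, so a
    responder gets a list of what was hit without opening any note.
    """
    encrypted, notes = {}, {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            kind = classify(fn)
            if kind is None:
                continue
            label, original = kind
            key = os.path.join(dirpath, original)
            target = notes if label == "note" else encrypted
            target[key] = os.path.join(dirpath, fn)
    return {
        "encrypted": encrypted,
        "notes": notes,
        # note present but no encrypted file: interrupted or partial run
        "orphan_notes": sorted(set(notes) - set(encrypted)),
        # encrypted file without a note: unusual for this family
        "unnoted": sorted(set(encrypted) - set(notes)),
    }


def is_likely_infected(report, min_pairs=3):
    """Triage rule (assumption, not a published signature): several
    matching (encrypted, note) pairs is a strong indicator, while a
    single stray .scrypt file could be a coincidence."""
    pairs = set(report["encrypted"]) & set(report["notes"])
    return len(pairs) >= min_pairs


def build_demo_tree():
    """Constructed sample tree (no real victim data) that mimics the
    naming scheme so the scanner can be exercised offline."""
    root = Path(tempfile.mkdtemp(prefix="whiterabbit_demo_"))
    docs = root / "Users" / "alice" / "Documents"
    docs.mkdir(parents=True)
    for name in ("report.docx", "budget.xlsx", "notes.txt"):
        (docs / f"{name}{ENCRYPTED_SUFFIX}").write_bytes(b"\x00" * 16)
        (docs / f"{name}{NOTE_SUFFIX}").write_text("Your data has been stolen.\n")
    # A note whose encrypted partner is missing, as after an interrupted run.
    (docs / f"photo.jpg{NOTE_SUFFIX}").write_text("Your data has been stolen.\n")
    # An untouched file that must not be reported.
    (docs / "readme.md").write_text("clean\n")
    return str(root)


def demo_report():
    """Build the demo tree and scan it; used by the stand-alone run."""
    return scan(build_demo_tree())


if __name__ == "__main__":
    report = demo_report()
    print(f"encrypted files : {len(report['encrypted'])}")
    print(f"ransom notes    : {len(report['notes'])}")
    print(f"orphan notes    : {report['orphan_notes']}")
    print(f"likely infected : {is_likely_infected(report)}")
    for original in sorted(report["encrypted"]):
        print("  hit:", original)
```

Run it against a mounted image or a suspect share root instead of the demo tree; because the original names are recovered purely from the suffixes, the script never needs to touch file contents, which keeps it safe to run on evidence.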

In the ransom note, the attackers tell the victim that their data has been exfiltrated as well as encrypted: if the ransom demands are not met, the data will be published and/or sold, the now familiar double-extortion model.

The victim is given four days to pay and can contact or negotiate with the attackers via a Tor site.

So far, White Rabbit has been used only against selected targets. Given the connection to FIN8, however, researchers fear it could become a threat to many more companies and businesses in the near future.

For now, White Rabbit can be countered with standard anti-ransomware measures:

  1. Deploy multi-layered detection and response across endpoints, email, and network.
  2. Write an incident response playbook that covers both containing an attack and recovering from it.
  3. Run simulated ransomware attacks to find weaknesses and measure how well the response works.
  4. Take backups, test them, verify that they restore, and keep a copy offline so the ransomware cannot reach it.
Update 19 January 2022