
Moscow-based Group-IB finds way to stop BadRabbit ransomware

October 25, 7:17 UTC+3 MOSCOW

Group-IB director general Ilya Sachkov earlier told TASS that his company identified the domain name which was used as a starting point for the attack


MOSCOW, October 25. /TASS/. Group-IB, a Russian-based cybercrime prevention and investigation company, said on Tuesday night it had found a way to stop the BadRabbit ransomware that had attacked computers in Russia and Ukraine earlier in the day.

According to Group-IB's Telegram channel, to prevent the virus from encrypting files, a user needs to create a read-only file, C:\windows\infpub.dat.

"After that, even in case of contamination, the files will not be encrypted," the company said.
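The step Group-IB describes can be scripted for repeatable deployment. The PowerShell below is an added example, not code from Group-IB or TASS: it creates the file if it is absent, sets the read-only attribute and verifies the result. The function name `Set-MarkerFile` and the decision to leave an existing non-empty file untouched and report it are assumptions of this example.

```powershell
# Added example (not from the article): create the read-only file
# C:\windows\infpub.dat idempotently and verify the attribute.
# Run from an elevated session; writing to C:\windows needs administrator rights.

function Set-MarkerFile {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $item = Get-Item -LiteralPath $Path -Force
        if ($item.Length -gt 0) {
            # Assumption of this example: a non-empty file at this path was
            # not placed by this script, so it is reported, not overwritten.
            Write-Warning "$Path exists and is $($item.Length) bytes; investigate this host."
            return $false
        }
    }
    else {
        # Create an empty file; stop on failure (for example, access denied).
        New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
        $item = Get-Item -LiteralPath $Path -Force
    }

    # Set the read-only attribute, then re-read it from disk to confirm.
    $item.IsReadOnly = $true
    $item.Refresh()
    return $item.IsReadOnly
}

$target = 'C:\windows\infpub.dat'   # path as given in the article
if (Set-MarkerFile -Path $target) {
    Write-Output "$target is present and read-only."
}
else {
    Write-Output "$target was not set; see warnings above."
}
```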

Group-IB director general Ilya Sachkov earlier told TASS that his company identified the domain name which was used as a starting point for the attack.

Sergei Nikitin, a Group-IB deputy head, said the attack was already over, although sporadic cases of BadRabbit attacks were still possible.

"Even the domain used to spread BadRabbit is not responding now," he said.

On Tuesday, the BadRabbit ransomware attacked Russian mass media outlets Interfax and Fontanka.ru, as well as the Odessa Airport, the Ukrainian Ministry of Infrastructure and the Kiev subway in Ukraine. Users of infected computers receive a notice that their files are encrypted. The virus suggests making payment on a website to get access to files.

The authors of the virus are yet to be determined. Group-IB said the investigation is still ongoing, but ruled out a targeted attack.

According to Group-IB, it could have been created by the author of another ransomware, NotPetya. The company’s experts established that a part of BadRabbit was similar to that of NotPetya.

"Those viruses apparently have the same author, or the author of BadRabbit is an imitator," the company told TASS.

At the same time, BadRabbit cannot be described as a modification of NotPetya, because it used different mechanisms for encryption and spreading.
