Expert: the Bad Rabbit hack is pure extortion

Russia and Ukraine were attacked today by a new Trojan virus. Three Russian media outlets, Interfax, Fontanka and New Newspaper-Baltic, were hit by "Bad Rabbit". In Ukraine, it disrupted the work of the Kiev metro and Odessa airport. However, the Security Service of Ukraine has said that the spread of the virus has been blocked. Our law enforcement agencies also say that everything is under control. Should we believe the cybercrime fighters, or is this the beginning of a new, vast wave of hacker attacks that will be difficult to handle? Should we expect any serious consequences? Why were Russia and Ukraine the ones attacked? We put these and other questions to the cybersecurity specialist Andrei Masalovich.


The first report of the new ransomware attack was published on Twitter by the company Group-IB. Computers at three Russian media outlets were locked, and their screens showed a recommendation from the hackers "not to waste time" trying to recover the files, but to pay 0.05 bitcoin (currently $283.67, or 14.2 thousand rubles) to restore access. Analysts found that the virus spreads via fake update notifications for Adobe Flash.

The Kiev metro was also subjected to the cyberattack. Its banking services that accept card payments stopped working. Odessa airport also reported an attack on its banking and information systems.

Some experts have suggested that all this could be followed by more serious attacks.

But the "MK" expert Andrei Masalovich thinks otherwise.

– The attack was organized, to be honest. I perceive it as politically motivated, pure extortion, – says Masalovich. – I do not rule out that tomorrow the picture may change and it will turn out that I am wrong, because computer forensics specialists around the world are studying the components and there are no results yet, but I have only the information we have today.

According to the expert, any Trojan conventionally consists of three parts. The first is the vulnerability through which it penetrates. The second is the delivery system, that is, whatever brings the virus to the computer so that the person opens it with their own hand. The third is the malware itself.

– The first part is the hardest; it is written by super-professionals, it is expensive and rare, – says Masalovich. – Therefore, until recently large-scale attacks were few, and each time they were boxed. This year a significant event occurred: in February-March, WikiLeaks published a whole range of combat Trojans, cyberweapons of the FBI and CIA, in which I counted about 122 new tools available to hackers. That is, cyberweapons fell into the hands of hackers, the best of what had been made on the planet to destroy computers. Fortunately, judging by this attack, they fell into the hands of not very organised people. The current attack, I feel, is politically motivated, pure extortion.

Why? Here is how the expert explains his conclusions:

– If this were a group of more experienced hackers, they would know that the amount of payments they receive depends very heavily, almost entirely, on convenience. That is, if a person only needed to press a button to agree to have the money debited, almost everyone would pay. But in this case the user needs to go to a site with a specific name, register, and find on the page a complex formula which he must enter. Many complex actions have to be performed in order to pay. I suspect that a large share will give up on all of this and say: fine, I'll lose the data. All this leads to the conclusion that the team that did it all was either in a great hurry or simply ignorant. Maybe both. Most likely they took a good "head", wrote the Trojan themselves, or maybe took someone else's; there are a lot of them now and they can be downloaded, you do not even need to be a hacker. Delivery is via an update for Adobe Flash, which is also quite standard. And the behavior of the Trojan is strange: having seized servers, it does not move on to the servers of offices in other countries, which means that the scanning part and the distribution of attacks were done sloppily.

– Why were Russia and Ukraine chosen as the victims of the attack, do you think?

– Either the hackers are Russian-speaking, or that is how the scanner was set up. Maybe they took a sample from the previous attack: since the attack on Russia happened back then, why not now. That is, the Russian-speaking segment was taken without any political motive. Those who simultaneously attack Russia and Odessa are certainly not Odessa or Russian hackers; this is purely an economic crime.

– Does the fact that they use bitcoin complicate the search for them by the special services?

– No, it is actually an illusion of impunity and anonymity. In fact, with good cooperation between special services, the path of the bitcoin and the points of monetization, the point of vigodarzere for individuals, are calculated quickly. Hackers benefit only from the fact that the special services of different countries still cooperate with difficulty, but as their relations are established, there will be fewer and fewer such crimes.

– Could one of the reasons for the attack on Russia be that the intelligence agencies of other countries are not particularly willing to cooperate with ours?

– Even among themselves, not everything is smooth yet. For example, during the wave of telephone terrorism, the US had about 2000 calls threatening bombings at Jewish centers. It took 18 days to identify and detain the terrorist, who was on the territory of Israel. That is, the reason for such a result was not technical problems, but the fact that the security services took a long time to reach agreement.
