LOCKY, TRICKBOT AND BADRABBIT ARE A NEW WAY TO ATTACK

LOCKY, TRICKBOT AND BADRABBIT ARE A NEW WAY TO ATTACK #1
2017-10-24 20:30

Ukrainian governmental offices, ports and airports were attacked by a new virus on October 24, 2017.

The attack was carried out using 3 malware families.

This fact, in itself, is a unique challenge for the antivirus industry.

Here is a short description of the families used in the course of the attack:

1. Locky is one of the most famous encryptor families. According to independent sources, this family managed to “earn” the largest amount of bitcoins through blackmail.

Locky is also famous for its ability to evade standard antivirus (AV) protection. Earlier this year, during the attack on Eastern European countries, the creators of this encryptor modified its code more than 10,000 times in just a few hours to keep it from being detected by traditional AVs.

2. TrickBot is a so-called banking trojan. Interestingly, this family used a number of the techniques that the WannaCry encryptor used for spreading, and it learned to steal money from bitcoin wallets.

3. BadRabbit is a new encryptor family. According to research by ROMAD analysts, BadRabbit is a further reincarnation of the NotPetya encryptor. It also writes to the MBR and attempts to spread across the network using techniques from the Mimikatz utility.