Bad Rabbit and IoTroop Botnet: New Malware Attacks On the Rise

WhiteHawk Inc.

While National Cyber Security Awareness Month is over, two powerful types of malware are gaining momentum and threatening your business.

Bad Rabbit is Bad News.

On Tuesday, October 24, 2017, a new crypto-ransomware known as Bad Rabbit hit several organizations across Russia, Ukraine, Germany, Turkey, Poland, and South Korea.

According to Silobreaker, Bad Rabbit has started to spread across the United States too. This ransomware spreads by displaying popup windows on compromised websites asking the target to download fake Adobe Flash updates. Once the target clicks on the download link, the malware encrypts their system and displays the ransom note. The amount required is 0.05 bitcoin, which is equal to approximately $285. If payment is not made within a certain amount of time, the ransom increases.

Bad Rabbit shares many similarities with NotPetya, a global ransomware that caused major turmoil earlier this year. Cyber security experts and researchers are not yet sure how far this malware will spread or how extensive the damage will be. The US Computer Emergency Readiness Team (US-CERT) discourages victims from making any ransom payment, as it does not guarantee that their systems will be restored.

Silobreaker notes that victims of Bad Rabbit include Kiev Metro, Odessa naval port, Odessa airport, Ukraine's ministries of infrastructure and finance, Interfax, and other Russian news agencies.

Rise of the Reaper!

Another cyber threat to watch for is IoTroop Botnet or Reaper, nicknames given by cyber security experts. Reaper is a variant of Mirai, a malware that launched a major Distributed Denial of Service attack last October on Dyn, the core Domain Name System (DNS) provider for Internet service companies such as Twitter, Netflix, Reddit, and Spotify.

Unlike Mirai, which infected Internet of Things (IoT) devices by simply guessing users' login information, Reaper also exploits known security vulnerabilities in different IoT devices. This makes Reaper a bigger threat than Mirai. Researchers from Check Point Software have been tracking its development and estimate that it has already infected over a million networks in less than 30 days.

For more information on ransomware, take a look at another WhiteHawk blog.