Group-IB shares Bad Rabbit ransomware information with INTERPOL

Moscow, November 2nd, 2017 – Group-IB, one of the global leaders in high-fidelity Threat Intelligence and best in class anti-fraud solutions has discovered digital traces of cybercriminal activity connected with Bad Rabbit ransomware.

In accordance with a partnership with INTERPOL and Group-IB this information has been passed to the INTERPOL Global Complex for Innovation. Under the agreement, the parties will exchange data to fight cybercrime more effectively through identifying criminal trends in cyber-space, emerging and known cyber-threats and malicious attacks.

Noboru Nakatani and Ilya Sachkov sign the agreement on cooperation between INTERPOL and Group-IB

Noboru Nakatani and Ilya Sachkov sign the agreement on cooperation between INTERPOL and Group-IB

Group-IB has conducted technical research into Bad Rabbit ransomware that last week attacked a number of Russia’s major media outlets and financial organizations, as well as infrastructure facilities in the Ukraine (metro, airport, Ministry of Infrastructure). The experts discovered the source and methods of malware distribution, analyzed its structure and functionality and concluded that the same hacker group was responsible for both Bad Rabbit and NotPetya. The latter attacked energy, telecommunications and financial companies in the Ukraine in June 2017.

In the course of their research Group-IB experts discovered traces that will enable researchers to identify the criminals behind this attack. A part of the data from compromised sites was sent to a server, which was compromised by the same techniques previously used by the North Korean group, Lazarus. This information was passed to INTERPOL for further investigation.

To effectively combat today’s cyber-threats, cooperation between the public and private sectors is essential. INTERPOL’s agreement with Group-IB is an important step in our ongoing efforts to ensure law enforcement worldwide has access to the information they need to address the scale and complexity of today’s cybercrime landscape.

Noboru Nakatani, Executive Director of the IGCI, INTERPOL
Noboru Nakatani

Executive Director of the IGCI

International cooperation in cybercrime investigations is vitally important, since there are no borders in cyberspace and cybercriminals dexterously use these principal differences of the real and virtual world to escape punishment. We’re glad we now have the opportunity to exchange the information not only with INTERPOL, but with all the organizations of this community on the regular basis. I’m sure this will provide a synergetic effect, and in the near future we’ll see considerable progress in the investigation of not only Bad Rabbit, but a number of other attacks and cybercriminal groups.

Ilya Sachkov
Ilya Sachkov

CEO Group-IB

About Group-IB

Group-IB, with its headquarters in Singapore, is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), and Europe (Amsterdam).

Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat IntelligenceManaged XDRDigital Risk ProtectionFraud ProtectionAttack Surface ManagementBusiness Email ProtectionAudit & ConsultingEducation & TrainingDigital Forensics & Incident ResponseManaged Detection & Response, and Cyber Investigations.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 19 years of hands-on experience in cybercrime investigations worldwide and more than 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.

Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.