Moscow, November 2nd, 2017 – Group-IB, one of the global leaders in high-fidelity Threat Intelligence and best in class anti-fraud solutions has discovered digital traces of cybercriminal activity connected with Bad Rabbit ransomware.
In accordance with a data-sharing agreement between INTERPOL and Group-IB a data-sharing agreement between INTERPOL and Group-IB announced today, this information has been passed to the INTERPOL Global Complex for Innovation. Under the agreement, the parties will exchange data to fight cybercrime more effectively through identifying criminal trends in cyber-space, emerging and known cyber-threats and malicious attacks.
Noboru Nakatani and Ilya Sachkov sign the agreement on cooperation between INTERPOL and Group-IB
Group-IB has conducted technical research into Bad Rabbit ransomware that last week attacked a number of Russia’s major media outlets and financial organizations, as well as infrastructure facilities in the Ukraine (metro, airport, Ministry of Infrastructure). The experts discovered the source and methods of malware distribution, analyzed its structure and functionality and concluded that the same hacker group was responsible for both Bad Rabbit and NotPetya. The latter attacked energy, telecommunications and financial companies in the Ukraine in June 2017.
In the course of their research Group-IB experts discovered traces that will enable researchers to identify the criminals behind this attack. A part of the data from compromised sites was sent to a server, which was compromised by the same techniques previously used by the North Korean group, Lazarus. This information was passed to INTERPOL for further investigation.
Executive Director of the IGCI