2 November 2017

Group-IB shares Bad Rabbit ransomware information with INTERPOL

Moscow, November 2nd, 2017 – Group-IB, one of the global leaders in high-fidelity Threat Intelligence and best in class anti-fraud solutions has discovered digital traces of cybercriminal activity connected with Bad Rabbit ransomware.

In accordance with a data-sharing agreement between INTERPOL and Group-IB a data-sharing agreement between INTERPOL and Group-IB announced today, this information has been passed to the INTERPOL Global Complex for Innovation. Under the agreement, the parties will exchange data to fight cybercrime more effectively through identifying criminal trends in cyber-space, emerging and known cyber-threats and malicious attacks.

Noboru Nakatani and Ilya Sachkov sign the agreement on cooperation between INTERPOL and Group-IB

Noboru Nakatani and Ilya Sachkov sign the agreement on cooperation between INTERPOL and Group-IB

Group-IB has conducted technical research into Bad Rabbit ransomware that last week attacked a number of Russia’s major media outlets and financial organizations, as well as infrastructure facilities in the Ukraine (metro, airport, Ministry of Infrastructure). The experts discovered the source and methods of malware distribution, analyzed its structure and functionality and concluded that the same hacker group was responsible for both Bad Rabbit and NotPetya. The latter attacked energy, telecommunications and financial companies in the Ukraine in June 2017.

In the course of their research Group-IB experts discovered traces that will enable researchers to identify the criminals behind this attack. A part of the data from compromised sites was sent to a server, which was compromised by the same techniques previously used by the North Korean group, Lazarus. This information was passed to INTERPOL for further investigation.

To effectively combat today’s cyber-threats, cooperation between the public and private sectors is essential. INTERPOL’s agreement with Group-IB is an important step in our ongoing efforts to ensure law enforcement worldwide has access to the information they need to address the scale and complexity of today’s cybercrime landscape.

Noboru Nakatani, Executive Director of the IGCI, INTERPOL

Noboru Nakatani

Executive Director of the IGCI

International cooperation in cybercrime investigations is vitally important, since there are no borders in cyberspace and cybercriminals dexterously use these principal differences of the real and virtual world to escape punishment. We’re glad we now have the opportunity to exchange the information not only with INTERPOL, but with all the organizations of this community on the regular basis. I’m sure this will provide a synergetic effect, and in the near future we’ll see considerable progress in the investigation of not only Bad Rabbit, but a number of other attacks and cybercriminal groups.

Ilya Sachkov

Ilya Sachkov

CEO Group-IB

Group-IB is one of the leading providers of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB Threat Intelligence & Attribution system was named one of the best in class by Gartner, Forrester, and IDC.

Group-IB’s technological leadership is built on the company’s 17 years of experience in cybercrime investigations worldwide and 65,000 hours of incident response accumulated in our leading forensic laboratory and 24/7 CERT-GIB.

Group-IB is a partner of INTERPOL, Europol, and a cybersecurity solutions provider, recommended by SWIFT and OSCE. Group-IB is a member of the World Economic Forum.

Report an incident

24/7 Incident Response Assistance +65 3159-4398

Thank you for the inquiry! We will contact you soon.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

Report an incident