Group-IB shares Bad Rabbit ransomware information with INTERPOL

Moscow, November 2nd, 2017 – Group-IB, one of the global leaders in high-fidelity Threat Intelligence and best in class anti-fraud solutions has discovered digital traces of cybercriminal activity connected with Bad Rabbit ransomware.

In accordance with a data-sharing agreement between INTERPOL and Group-IB a data-sharing agreement between INTERPOL and Group-IB announced today, this information has been passed to the INTERPOL Global Complex for Innovation. Under the agreement, the parties will exchange data to fight cybercrime more effectively through identifying criminal trends in cyber-space, emerging and known cyber-threats and malicious attacks.

Noboru Nakatani and Ilya Sachkov sign the agreement on cooperation between INTERPOL and Group-IB

Group-IB has conducted technical research into Bad Rabbit ransomware that last week attacked a number of Russia’s major media outlets and financial organizations, as well as infrastructure facilities in the Ukraine (metro, airport, Ministry of Infrastructure). The experts discovered the source and methods of malware distribution, analyzed its structure and functionality and concluded that the same hacker group was responsible for both Bad Rabbit and NotPetya. The latter attacked energy, telecommunications and financial companies in the Ukraine in June 2017.

In the course of their research Group-IB experts discovered traces that will enable researchers to identify the criminals behind this attack. A part of the data from compromised sites was sent to a server, which was compromised by the same techniques previously used by the North Korean group, Lazarus. This information was passed to INTERPOL for further investigation.

To effectively combat today’s cyber-threats, cooperation between the public and private sectors is essential. INTERPOL’s agreement with Group-IB is an important step in our ongoing efforts to ensure law enforcement worldwide has access to the information they need to address the scale and complexity of today’s cybercrime landscape.

Noboru Nakatani

Executive Director of the IGCI

International cooperation in cybercrime investigations is vitally important, since there are no borders in cyberspace and cybercriminals dexterously use these principal differences of the real and virtual world to escape punishment. We’re glad we now have the opportunity to exchange the information not only with INTERPOL, but with all the organizations of this community on the regular basis. I’m sure this will provide a synergetic effect, and in the near future we’ll see considerable progress in the investigation of not only Bad Rabbit, but a number of other attacks and cybercriminal groups.

Ilya Sachkov

CEO Group-IB