A new ransomware “White Rabbit” was discovered by ransomware expert Michael Gillespie.
Based on a sample analyzed from one of its attacks in December 2021, Trend Micro researchers shared some details about ransomware.
This includes the fact that the ransomware executable is a small payload that weighs in at 100 KB file. It requires a password that must be entered during command-line execution to decrypt the malicious payload.
Once executed with the correct password, the ransomware scan all the folders on the device and encrypts targeted files, while it creates ransom notes for each encrypted file.
In the process of encrypting a device, removable network drives are also targeted. However, Windows system folders are excluded from encryption to prevent the operating system from becoming unusable.
Trend Micro’s report linked the ‘White Rabbit’ operation to the FIN8 ransomware group, a financially motivated group that uses POS malware to steal credit card data.
According to researchers, ‘White Rabbit’ uses a never-before-seen version of Badhatch. Badhatch (aka Sardonic) is a backdoor associated with FIN8.
For more information, read the original story in BleepingComputer.