‘White Rabbit’ Ransomware May Be FIN8 Tool

It’s a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art.

A new ransomware family, White Rabbit, chewed through a local U.S. bank last month — and it may be connected to the financially motivated advanced persistent threat (APT) group known as FIN8, researchers said.

In a Tuesday report, Trend Micro researchers said that this twicky wabbit knows how to burrow away where it can’t be spotted. In fact, it looks like the operators behind the White Rabbit ransomware have taken a page from the more established ransomware family known as Egregor when it comes to hiding their malicious activity, researchers said.

Egregor, which claimed responsibility for a well-publicized cyberattack on Barnes & Noble in October 2020, is a ransomware-as-a-service (RaaS) player that sparked an FBI warning after compromising more than 150 organizations in short order after its birth.

White Rabbit may be sneaky, but it leaves tracks. The ransomware was spotted by multiple security outfits, and was first detected on Dec. 14 by the Lodestone Forensic Investigations team, which said that it had seen some White Rabbit activity a few days

Read More: https://threatpost.com/white-rabbit-ransomware-fin8/177703/