It's Madness If Kissed. White Rabbit Unleashes Ransomware

Published: February 22, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



It’s late, it’s late! For a very important…cyberattack. It’s a hard to detect form of ransomware, called White Rabbit, and it’s been reported on by researchers and linked back to a not unfamiliar crime group known for targeting organizations in the financial industry. It’s not a fictional attack involving mushrooms, hatters, or crazy cats. They are not messing around.


White Rabbit was utilized in December 2021 in an attack against a bank in the United States. Researchers at Trend Micro believe the tactics have been seen before with the cybercriminal group, FIN8. And that group is believed to have sat down for tea with another group, Egregor. Egregor claimed responsibility for an attack in 2020 against the bookstore chain, Barnes & Noble, that led to the FBI issuing a warning.


This latest attack packs double-punch in that it uses a double extortion ploy. It’s uses the note KissMe to hide what it’s doing until the attack is triggered. The file is also very small, making it harder to detect. And to make the medicine go down a bit smoother, the group added cute little ASCII bunny art to the ransom note. But at that point, the network has been compromised and it’s certainly no tea party.



Ransomware is a growing threat. Criminals can use this type of attack to lock down files and systems and then demand payment for access to be returned. However, there’s never a guarantee that paying the ransom will get the files or access back. In fact, if it is returned, files are often corrupted and rendered useless.


There are ways to protect the systems and files. Perform regular backups for the important data. What “regular” means is dependent upon the type of business you’re in. If you’re in healthcare, that might need to be more often than some other organizations.


Of course, remember that those humans within your organization are the last line of defense for keeping ransomware at bay. Train everyone on how to identify phishing attempts and give them confidence that it’s OK to report mistakes. Everyone makes them and having a comfortable way to admit it will help keep your network from going down a rabbit hole of madness.


Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com

3 views0 comments