New White Rabbit ransomware linked to FIN8 hacking group
A new ransomware family called 'White Rabbit' appeared in the wild recently, and according to recent research findings, could be a side-operation of the FIN8 hacking group.
The first public mention of the White Rabbit ransomware was in a tweet by ransomware expert Michael Gillespie, seeking a sample of the malware.
In a new report by Trend Micro, researchers analyze a sample of the White Rabbit ransomware obtained during an attack on a US bank in December 2021.
The ransomware executable is a small payload, weighing in at 100 KB, and requires a password to be entered on the command line at execution to decrypt the malicious payload. Requiring a password to execute the malicious payload is a technique used previously by other ransomware operations, including Egregor, MegaCortex, and SamSam.
More specifically, the novel ransomware uses a never-before-seen version of Badhatch, a backdoor associated with FIN8.
As the Lodestone report concludes: "Lodestone identified a number of TTPs suggesting that White Rabbit, if operating independently of FIN8, has a close relationship with the more established threat group or is mimicking them."