‘White Rabbit’ Ransomware May Be FIN8’s Latest Tool
2022-01-18 17:23

A new ransomware family, White Rabbit, chewed through a local U.S. bank last month - and it may be connected to the financially motivated advanced persistent threat group known as FIN8, researchers said.

It looks like the operators behind the White Rabbit ransomware have taken a page from the more established ransomware family known as Egregor when it comes to hiding their malicious activity, researchers said.

The ransomware was spotted by multiple security outfits, and was first detected on Dec. 14 by the Lodestone Forensic Investigations team, which said that it had seen some White Rabbit activity a few days earlier, on Dec. 11.

Lodestone's analysis of the ransomware group's tactics, techniques, and procedures points to the White Rabbit group potentially being affiliated with FIN8.

In the December attack, White Rabbit dragged in a previously unseen version of BadHatch that, based on characteristics of the malware sample acquired, Lodestone named F5. "The exact relationship between the White Rabbit group and FIN8 is currently unknown," Lodestone stipulated.

As Trend Micro tells it, the White Rabbit ransomware creates a note for each file it encrypts.


News URL

https://threatpost.com/white-rabbit-ransomware-fin8/177703/