A new strain of ransomware has been observed in retail, restaurant, and financial environments. The ransomware has been identified as White Rabbit. Through OSINT (open-source intelligence), we can hypothesize that White Rabbit is linked to, or affiliated with, the FIN8 APT group.
PUNCHBUGGY and PUNCHTRACK are backdoor and scraping malware that are part of the TTPs (tactics, techniques, and procedures) of FIN8. The attack vectors used by the APT make them highly elusive and persistent. Security researchers also state that White Rabbit ransomware may have taken inspiration from Egregor ransomware, which is far more established.
“This method of hiding malicious activity is a trick that the ransomware family Egregor uses to hide malware techniques from analysis,” the researchers pointed out, adding that “other samples might use a different password” than KissMe.
Ransom Note from White Rabbit