"'White Rabbit' Ransomware May Be FIN8 Tool"

A new ransomware family dubbed "White Rabbit," which hit a US bank last month, is suspected to be connected to FIN8, the financially motivated Advanced Persistent Threat (APT) group. According to Trend Micro researchers, the operators behind the White Rabbit ransomware appear to be using the same tactics for hiding malicious activity as the more established ransomware family Egregor. The White Rabbit ransomware was first detected on December 14, 2021, by the Lodestone Forensic Investigations team, but the earliest strings go as far back as July 10, 2021. The ransom note displayed by the ransomware includes bunny ASCII art and a message warning victims of the compromise of their network infrastructure, leakage of their critical data, and encryption of their files. The operators are using the same double-extortion tactic applied by an increasing number of Ransomware-as-a-Service (RaaS) players, threatening to leak or sell encrypted data to the public. This article continues to discuss the discovery, tactics, techniques, and procedures of the White Rabbit ransomware group, as well as the group's possible affiliation with FIN8.

Threatpost reports "'White Rabbit' Ransomware May Be FIN8 Tool"

Submitted by Anonymous on