Group-IB shares Bad Rabbit ransomware information with INTERPOL

12:55 03.11.2017 •

Noboru Nakatani and Ilya Sachkov sign the agreement on cooperation between INTERPOL and Group-IB

Group-IB discovered digital traces of cybercriminal activity connected with Bad Rabbit ransomware and passed them to INTERPOL for further research 

Moscow, November 2nd, 2017 – Group-IB, one of the global leaders in high-fidelity Threat Intelligence and best in class anti-fraud solutions has discovered digital traces of cybercriminal activity connected with Bad Rabbit ransomware. In accordance with a data-sharing agreement recently signed with INTERPOL by Group-IB, this information has been passed to the INTERPOL Global Complex for Innovation. Under the agreement, the parties will exchange data to fight cybercrime more effectively through identifying criminal trends in cyber-space, emerging and known cyber-threats and malicious attacks.

Group-IB has conducted technical research into Bad Rabbit ransomware that last week attacked a number of Russia’s major media outlets and financial organizations, as well as infrastructure facilities in the Ukraine (metro, airport, Ministry of Infrastructure). The experts discovered the source and methods of malware distribution, analyzed its structure and functionality and concluded that the same hacker group was responsible for both Bad Rabbit and NotPetya. The latter attacked energy, telecommunications and financial companies in the Ukraine in June 2017.  

In the course of their research Group-IB experts discovered traces that will enable researchers to identify the criminals behind this attack. A part of the data from compromised sites was sent to a server, which was compromised by the same techniques previously used by the North Korean group, Lazarus. This information was passed to INTERPOL for further investigation.

“To effectively combat today’s cyber-threats, cooperation between the public and private sectors is essential,” said Noboru Nakatani, Executive Director of the IGCI. “INTERPOL’s agreement with Group-IB is an important step in our ongoing efforts to ensure law enforcement worldwide has access to the information they need to address the scale and complexity of today’s cybercrime landscape.”

“International cooperation in cybercrime investigations is vitally important, since there are no borders in cyberspace and cybercriminals dexterously use these principal differences of the real and virtual world to escape punishment,” said Ilya Sachkov, CEO and founder, Group-IB. “We’re glad we now have the opportunity to exchange the information not only with INTERPOL, but with all the organizations of this community on the regular basis. I’m sure this will provide a synergetic effect, and in the near future we’ll see considerable progress in the investigation of not only Bad Rabbit, but a number of other attacks and cybercriminal groups”.

Detailed info on the results of Bad Rabbit malware research by Group-IB is available on the blog:


About Group-IB

Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud and the first Russian supplier of threat intelligence solutions included in Gartner, Forrester, and IDC reports. In order to prevent cyberattacks, Group-IB supplies solutions from its line of early threat detection products. It is a permanent member of the World Economic Forum. Group-IB has the largest criminalistics laboratory in Eastern Europe and a computer emergency response team (CERT-GIB). In 2017, the company became the leader of Russia Threat Intelligence Security Services Market Analysis conducted by IDC. For more details visit:


read more in our Telegram-channel