FinAi News

No products in the cart.

Subscribe
  • News
  • AI News Tool
  • Data
  • Transactions
  • Events
    • FinAi Banking Summit
    • FinAi Lending Summit
  • Podcast
  • WEBINARS
    • Webinar Library
Log In
No Result
View All Result
  • Banking
  • Lending
  • Payments
  • Risk & Security
  • Strategy
FinAi News
  • News
  • AI News Tool
  • Data
  • Transactions
  • Events
    • FinAi Banking Summit
    • FinAi Lending Summit
  • Podcast
  • WEBINARS
    • Webinar Library
BAN PLUS
Log In
No Result
View All Result
FinAi News
No Result
View All Result

New ransomware White Rabbit targets US bank

White Rabbit’s low-profile payload is ‘inconspicuous,’ cybersecurity firm says

Loraine LawsonbyLoraine Lawson
February 1, 2022
in Risk & Security
Reading Time: 2 mins read
0
Share on Facebook

A new family of ransomware — called “White Rabbit” — could be targeting banks.

A U.S. bank was attacked in December, according to security firm Trend Micro. Although Trend Micro didn’t provide attack specifics, ransomware attacks typically steal customer account data and threaten to release it – typically on the dark web — unless the financial institution pays a ransom.

New ransomware White Rabbit targets US bank
Photo by CanStock

The ransomware “carries a potential connection to the advanced persistent threat (APt) group FIN8,” according to cybersecurity firm Trend Micro. FIN8 is a financially motivated cybergang that has previously targeted the retail, hospitality and entertainment industries with tailored spearphishing campaigns using the downloader Punchbuggy and point-of-sale (POS) malware Punchtrack.

White Rabbit appears to be in the testing phase, according to Trend Micro. Its success as ransomware will rely on exploiting a compromise within a network, Tom Atkins, a vice president of sales at identity detection and response provider Attivo Networks, told Bank Automation News.

“The key thing to remember about modern ransomware, and in particular White Rabbit ransomware, is that the attack isn’t successful unless the attacker can encrypt tens of thousands of systems within their target,” Atkins said. “There must be a compromise that allows for malicious software distribution inside a network,” in order for it to succeed, he added.

Seldom discussed is what comes after the initial malware compromise.

“This is ironic because what costs ransomware victims’ money is not the initial incursion, but rather the threat actor’s ability to successfully distribute malicious software inside an organization,” Atkins told BAN.

Trend Micro described what makes White Rabbit unique in a Jan. 18 blog post.

“One of the most notable aspects of White Rabbit’s attack is how its payload binary requires a specific command-line password to decrypt its internal configuration and proceed with its ransomware routine,” the blog post said. “White Rabbit’s payload is inconspicuous at first glance, being a small file of around 100 KB with no notable strings and seemingly no activity.”

The ransomware’s attack can be identified by the presence of strings – or sequence of characters– for logging in, although the security firm noted that actual behavior wouldn’t be easily observed without the correct password.

Researchers from Lodestone Security, which specializes in cyber defense and incident response in the U.S, reported that White Rabbit uses a previously unseen version of Badhatch, an F5 backdoor also associated with the FIN8 cybergang, according to the blog post.

The ransomware creates a note for each file that it encrypts, which bears the name of the encrypted file and is appended with “.scrypt.txt,” according to Trend Micro. Before running its routine, it also ends several processes and services, including those related to antivirus.

Bank Automation Summit, taking place March 1-2 in Charlotte, is the first and only event to focus solely on automation in banking. The event will feature the brightest minds from across financial services on intelligent automation strategies and deployment. Learn more and register here for Bank Automation Summit 2022.

Tags: cyberattackscybercrimePremiumransomware
Previous Post

How to provide more transaction clarity & reduce friendly fraud

Next Post

FBI issues warning on QR code payment fraud

Related Posts

Cybersecurity locks among multiple data points
Risk & Security

CISA creates cybersecurity prioritization, patch protocol

June 29, 2026
Courtesy/Canva
Risk & Security

Bridging the skills gap: Ensuring cybersecurity amid AI proliferation

June 25, 2026
The rise of synthetic fraud in BNPL
Risk & Security

AI helps fraudsters perpetrate ‘zombie business’ schemes

June 23, 2026
Next Post
Photo by CanStock

FBI issues warning on QR code payment fraud

Stay Informed with Our Newsletters

* indicates required

By clicking submit below, you consent to allow FinAi News (Royal Media Group) to store and process the personal information submitted above to provide you the content requested.

For more information, please visit www.royalmedia.com/legal.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp’s privacy practices.

EMERGING FINTECH DIRECTORY

Emerging Fintech Directory

The Buzz Podcast

SPONSORED

How AI and Product Experts Turn Fuzzy Requirements Into Focused Dev-ready Roadmaps

April 19, 2026

Is Your Technology Supplier There for You?

April 1, 2026

Hiding in Plain Sight: How to Use Data to Spot Consumer Accounts Being Used by Small Businesses

November 10, 2025

  • About Us
  • Help Center
  • Contact Us
  • Privacy Terms
  • ADA Compliance
  • Advertise

 [wt_cli_manage_consent]

Connect

twitter linkedin podcast podcast podcast
© 2026 Royal Media
No Result
View All Result
  • NEWS
    • All News
    • Banking
    • Lending
    • Payments
    • Risk & Security
    • Strategy
  • AI News Tool [Beta]
  • DATA
  • TRANSACTIONS
  • EVENTS
    • FinAi Banking Summit
    • FinAi Lending Summit
  • PODCAST
  • WEBINARS
    • Webinar Library
  • SUBSCRIBE
  • Log In / Account

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Unlock This Article

Create your free FinAi News account to access this article and stay informed on how AI is transforming financial services including banking, lending, payments, and risk.

Yes, I'd like to receive FinAi News updates, breaking news, and exclusive AI insights for financial services leaders.

Continue Reading with FinAi News Premium - Less than $2/Day

Upgrade to FinAi News Premium for unlimited access to news, insights, trends, and intelligence on how AI is transforming financial services including banking, lending, payments, and risk.
Upgrade to FinAi News Premium Subscription
No Result
View All Result
  • NEWS
    • All News
    • Banking
    • Lending
    • Payments
    • Risk & Security
    • Strategy
  • AI News Tool [Beta]
  • DATA
  • TRANSACTIONS
  • EVENTS
    • FinAi Banking Summit
    • FinAi Lending Summit
  • PODCAST
  • WEBINARS
    • Webinar Library
  • SUBSCRIBE
  • Log In / Account