What is Bad Rabbit Ransomware?
Ransomware attacks are on the rise, and the latest one making headlines this week is Bad Rabbit. The malware is said to be linked to the previously released Petya ransomware and inspired by Game of Thrones, as its code contains references to the dragons featured in the series.
Bad Rabbit has affected corporate and media houses in Russia and Ukraine and appears to be affecting Turkey and Germany. Though its full reach and extent are yet to be determined, researchers at the security firm Kaspersky say that Bad Rabbit bears a resemblance to the WannaCry and Petya outbreaks earlier this year.
Ilya Sachkov, the head of Russian cybersecurity firm Group-IB, said, “In some companies, work has been completely paralysed as servers and workstations are encrypted.” The affected systems include an airport in Ukraine, the underground railway in the capital city, Kiev, and several Russian websites such as the Interfax news agency and Fontanka.ru.
Mode of Propagation
Unlike other malware, Bad Rabbit requires victims to download a fake Adobe Flash installer and manually run the .exe file. When this happens, the malware infects the system and encrypts its contents. Once the encryption is complete, it asks for a ransom payment of 0.05 bitcoin, which is close to $280 USD. The ransom screen shows a time limit of 41 hours, and if victims do not pay within it, the ransom amount keeps going up.
According to Kaspersky researchers, “This is a targeted attack against corporate networks, using methods similar to those used in the ExPetr attack.” According to their investigation, some of the code used in Bad Rabbit was previously spotted in Petya. But unlike Petya, Bad Rabbit doesn’t use exploits and needs to be run manually. It also uses a Trojan-like Mimikatz tool to extract data from affected systems.
How to Keep Safe?
The foremost advice is to download the Adobe Flash installer only from the official Adobe website, never from any other website or from links in email, as the ransomware only infects the system if the fake Adobe Flash player is manually installed.
Researchers have come up with a vaccination to protect your systems from being infected:
I can confirm – Vaccination for #badrabbit:
Create the following files c:\windows\infpub.dat && c:\windows\cscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated. 🙂 pic.twitter.com/5sXIyX3QJl
— Amit Serper (@0xAmit) October 24, 2017
You can refer to the whole procedure here to immunize your computer system.
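The steps in the tweet above can be scripted. The following PowerShell is an added example, not code from the original post or from the researcher quoted; the function name Set-BadRabbitMarker is made up for illustration, and it assumes an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: creates the two marker files named in the tweet and strips
# every permission from them. Run from an elevated PowerShell prompt.

$markerFiles = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

# Set-BadRabbitMarker is a hypothetical helper name used only in this example.
function Set-BadRabbitMarker {
    param([Parameter(Mandatory)][string]$Path)

    if (Test-Path -LiteralPath $Path) {
        $existing = Get-Item -LiteralPath $Path -Force
        if ($existing.Length -gt 0) {
            # A non-empty file here was not made by this script: leave it
            # untouched and hand the machine to incident response.
            Write-Warning "$Path already exists with content ($($existing.Length) bytes); not modified."
            return $false
        }
    }
    else {
        New-Item -ItemType File -Path $Path | Out-Null
    }

    $acl = Get-Acl -LiteralPath $Path
    # Protect the DACL (first argument) and discard inherited entries (second).
    $acl.SetAccessRuleProtection($true, $false)
    # Drop any explicit entries so the DACL ends up empty.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Verify: inheritance disabled and no access entries left.
    $check = Get-Acl -LiteralPath $Path
    return ($check.AreAccessRulesProtected -and @($check.Access).Count -eq 0)
}

foreach ($file in $markerFiles) {
    $ok = Set-BadRabbitMarker -Path $file
    '{0,-24} vaccinated: {1}' -f $file, $ok
}
```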
Always be cautious when clicking links on the internet or in unknown or suspicious emails:
- If you want to download or update your Adobe Flash Player, do it from the official Adobe website and not from any other source
- Don’t open emails from unknown senders
- Think twice before clicking on links sent to you by email or found on the internet
- If you notice any unusual activity on your system, reach out to your IT help desk immediately
- Update your antivirus and scan your system