Bad Rabbit ransomware site up only for six hours
- Author: Zachary Reyes, Oct 26, 2017, 1:17
Prior to this, on 12 May, the WannaCry virus had affected hundreds of thousands of computers around the world, paralysing in particular health services and British factories of the French vehicle manufacturer Renault.
In their report, Kaspersky Lab researchers said that the latest attack is similar to Petya. However, given that the ransomware resembles one used earlier this year, organisations are better off putting security controls in place themselves.
The criminals are demanding a ransom of 0.05 Bitcoin (~R3 804), but at the time of writing it is unclear whether files encrypted by Bad Rabbit can be decrypted.
However, security experts always advise people against paying the ransom.
The Odessa International Airport has also reported a cyberattack on its information system; however, it is not yet clear whether it is the same attack.
U.S. officials said they had "received multiple reports of Bad Rabbit ransomware infections in many countries around the world". The ransomware makes files unavailable to users and, as a result, disrupts operations.
The number of victims appeared to be significantly smaller than in the NotPetya attack, which struck Ukraine and spread to other countries in June, doing hundreds of millions of dollars of damage to some major companies.
According to anti-virus provider Kaspersky Lab, the "Bad Rabbit" cyber attack originated in the Russian Federation but has already caused cyber-security breaches at corporate sites in Germany and Turkey. The malware, dubbed Bad Rabbit, has hit three Russian media outlets, including the news agency Interfax, according to Russian security firm Group-IB.
The Bad Rabbit malware enters enterprise networks when a user on the network runs a phony Adobe Flash Player installer posted on a hacked website.
"Once it infects a computer, the ransomware attempts to move laterally using a list of hardcoded credentials, featuring predictable user names such as root, guest and administrator, and passwords straight out of a worst passwords list", Sophos' Bill Brenner wrote.
"While Bad Rabbit does have worm capabilities, it spreads using mostly legitimate methods of lateral movement across a Windows network". Where NotPetya was targeted at Ukraine, Bad Rabbit appears to have primarily hit Russian businesses.
Analysis of the source code found references to the Game of Thrones dragons Drogon, Rhaegal and Viserion.
First things first: enable the free protections already available on your system, and at the very least have Windows Defender running and enabled.
Kaspersky and other security researchers have advised corporate users to block the execution of the files "C:\Windows\infpub.dat" and "C:\Windows\cscc.dat" to prevent infection. The researchers explained that this trick will stop the malware from encrypting the data. "The initial infection vector occurs from a fake Flash update, which is common for malware, but also a manual process with generally low conversion rates".
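One way to apply that blocking advice on a Windows host, as an added PowerShell example that is not from the article or from Kaspersky: pre-create the two file paths named above and attach an explicit deny entry so nothing can execute, overwrite or delete them. It assumes an elevated prompt, the standard C:\Windows directory and the well-known "Everyone" SID S-1-1-0; the function names are hypothetical.

```powershell
# Added example (not the article's own code): block execution of the two
# file paths the article names by pre-creating them and adding a deny ACE.
# Assumes an elevated prompt; 'Everyone' is the well-known SID S-1-1-0.
$BadRabbitPaths = @('C:\Windows\infpub.dat', 'C:\Windows\cscc.dat')

function Protect-BadRabbitPath {
    param([Parameter(Mandatory)][string]$Path)

    # Create an empty placeholder so the dropper cannot create its own file here.
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path -Force | Out-Null
    }

    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $rights   = [System.Security.AccessControl.FileSystemRights]'ExecuteFile, Write, Delete'
    # An explicit Deny entry takes precedence over any inherited Allow entries.
    $deny = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $everyone, $rights, 'Deny'

    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($deny)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-BadRabbitPath {
    # Returns $true only when the file exists and carries a Deny on ExecuteFile.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
    $denies = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and (($_.FileSystemRights -band $execute) -ne 0)
    }
    return ($null -ne $denies)
}

foreach ($p in $BadRabbitPaths) {
    Protect-BadRabbitPath -Path $p
    $state = if (Test-BadRabbitPath -Path $p) { 'execution denied' } else { 'NOT protected' }
    '{0}: {1}' -f $p, $state
}
```

Run Test-BadRabbitPath on its own from a scheduled job to verify the deny entries have not been removed since they were applied.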