It is already claiming victims in Russia and Ukraine and demanding a bitcoin ransom. Here is what Bad Rabbit is and how you can defend yourself.
Bad Rabbit. This is the name researchers at ESET, Kaspersky and Proofpoint have given to a new ransomware that is already claiming victims (about 200 at the moment) in Ukraine and Russia and, apparently, also in Turkey and Germany. It appears to be an evolution of the infamous NotPetya, and it has already successfully hit the Ukrainian Ministry of Infrastructure, the Kiev public transport system and the Russian news services Interfax and Fontanka.ru.
According to the first reports, Bad Rabbit spreads with the unwitting help of its victims, who download the malware disguised as an Adobe Flash Player installer. The rest is the usual ransomware routine: the ransom note on the infected computer points the victim to a Tor (.onion) site that displays the bitcoin demand, about $276. A countdown of roughly 40 hours then starts; if the ransom has not been paid when it expires, the amount requested increases.
The source of the attack is not yet known, but a list of compromised sites is already online, and Kaspersky has released some details on how to avoid infection. In practice, block execution of the files C:\Windows\infpub.dat and C:\Windows\cscc.dat, and disable the WMI service to prevent propagation across the network.
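The following PowerShell script is an added example, not code from the article or from Kaspersky, showing one way to apply the two mitigations above on a single Windows host. It assumes an elevated session and PowerShell 5 or later, and it uses the "vaccine" pattern (pre-create each file and deny everyone all rights to it) as a way of blocking execution; the article only says to block the files, not how. The caveat a practitioner wants here: the WMI service (Winmgmt) underpins SCCM, monitoring agents, many PowerShell cmdlets and most remote administration, so disabling it is a temporary emergency measure, not a permanent configuration.

```powershell
# Added example (not from the article or from Kaspersky): apply the two
# Bad Rabbit mitigations Kaspersky describes on one Windows host.
# Assumes an elevated PowerShell 5+ session.
#Requires -RunAsAdministrator

# 1. Block the two dropper artifacts. Assumed technique: pre-create each
#    file, mark it read-only, strip inherited ACEs, then deny Everyone
#    (SID S-1-1-0) full control, so the malware can neither write the file
#    nor execute it. The paths are the ones named in Kaspersky's guidance.
$blockedFiles = @(
    "$env:SystemRoot\infpub.dat",
    "$env:SystemRoot\cscc.dat"
)

foreach ($path in $blockedFiles) {
    if (-not (Test-Path -LiteralPath $path)) {
        # Empty placeholder where the malware would drop its DLL / driver.
        New-Item -ItemType File -Path $path -Force | Out-Null
    }
    # Set the attribute before the deny ACE, which would otherwise block it.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
    # Remove inherited permissions, then deny Everyone every right.
    # The SID form (*S-1-1-0) avoids localized group names.
    & icacls.exe $path /inheritance:r | Out-Null
    & icacls.exe $path /deny "*S-1-1-0:(F)" | Out-Null
    Write-Host "Locked down $path"
}

# 2. Stop and disable the WMI service so the malware cannot use WMI to
#    launch itself on other hosts. -Force also stops dependent services.
#    Caveat: this breaks management tooling that relies on WMI; re-enable
#    with Set-Service -Name Winmgmt -StartupType Automatic once the
#    environment is patched and clean.
$wmi = Get-Service -Name Winmgmt
if ($wmi.Status -ne 'Stopped') {
    Stop-Service -Name Winmgmt -Force
}
Set-Service -Name Winmgmt -StartupType Disabled

# 3. Verify: each file shows only a deny ACE for Everyone, and WMI is off.
foreach ($path in $blockedFiles) {
    & icacls.exe $path
}
Get-Service -Name Winmgmt | Select-Object Name, Status, StartType
```

Run it once per host from an elevated prompt. Because deny entries win over allow entries in the ACL, even an administrator cannot launch the placeholder files afterwards; the owner retains the implicit right to change the ACL, so the lockdown can be reverted with `icacls <file> /reset` when it is no longer needed.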
Sophos also recommends:
- Keep your software up to date by installing the latest patches.
- Back up regularly, and keep at least one backup that is not connected to the network. Ransomware is far from the only way to lose data in seconds: fire, device theft or even accidental deletion can do it too.
- Encrypt your backups so they are useless if they end up in the wrong hands.
- Use layered defenses; no single product guarantees protection. Criminals constantly look for flaws in security products, and each additional layer lowers the probability that an attack succeeds.
- Try the free version of Sophos Intercept X or, for home users, sign up for the free Sophos Home Premium Beta, which stops ransomware by blocking unauthorized file encryption.
“It was only a matter of time before someone took advantage of the ideas behind WannaCry and NotPetya to strike again. The ransomware called Bad Rabbit hits through a fake Adobe Flash Player installer. What makes this malware so dangerous compared to ordinary ransomware is the speed with which it propagates through email attachments or vulnerable web plugins. The first clues suggest that it contains the same ‘password stealing’ tool as NotPetya, allowing it to paralyze any company in a very short time,” said Chester Wisniewski, principal research scientist at Sophos.