On 24 October 2017 (Tuesday), a new ransomware was let loose on the Internet. It is known as Bad Rabbit and seems to bear similar characteristics to the infamous NotPetya ransomware.
Victims of Bad Rabbit
Organizations in Russia and Ukraine were the initial casualties of this ransomware – they include Ukraine’s Ministry of Infrastructure, Kiev’s public transportation system and the Russian news service Interfax. By Tuesday evening, the infection reportedly spread to Turkey and Germany. There were alerts from Bulgaria, Japan, Poland, South Korea, and the United States as well.
How the infection started
Bad Rabbit ransomware appears to have infected its victims by posing as a bogus Adobe Flash installer on compromised news and media websites in Russia.
After infecting the first machine in a network, Bad Rabbit digs out login credentials stored on the machine and uses them to burrow into other machines in the network. Thereafter, it begins encrypting files (Windows Office, image, video, audio, email, etc.) before posting its ransom note. Bad Rabbit demands a ransom of 0.05 bitcoin (about $280 at the current exchange rate).
How to stay safe
- When you are downloading software (a new program or an update), always get it from the software manufacturer’s official website. Never download it by clicking on a link in an email or from a third-party website.
- Much of the malware that attacks web browsers depends on vulnerabilities in Adobe Flash Player. It is therefore recommended to stop using Flash altogether. However, if you are still using it, ensure it is the most recent version.
- Keep your computer OS and applications up-to-date.
  - Click on the Windows Start Menu and select or type ‘Control Panel’.
  - Select or type ‘Windows Update’.
  - Select ‘Check for Updates’.
  - Install all recommended updates.
- Take regular backups of your important data. Even if you store these backups online, consider offline storage that is physically isolated from the rest of your company.
- Avoid using your computer with administrator privileges – use it as a standard user. If malware like Bad Rabbit infects a computer that has administrator privileges, it can spread directly to other computers in the network without needing any login credentials.
- Do not trust emails urging you to click on links or download attachments. If such an email comes from someone you know, check with the sender first and then take appropriate action.
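Because Bad Rabbit arrived as a bogus Adobe Flash installer, the first tip above can be backed by a check before anything is run. The following PowerShell script is an added example, not part of the original article: it reports a downloaded installer's Authenticode status, signer, download origin and SHA-256. The `-ExpectedPublisher` value is an assumption you supply (the exact certificate name the genuine vendor signs with).

```powershell
# Added example (not from the original article): vet a downloaded installer
# before running it. -ExpectedPublisher is supplied by the caller and must be
# the exact common name on the genuine vendor's code-signing certificate.
param(
    [Parameter(Mandatory = $true)][string]$Path,
    [Parameter(Mandatory = $true)][string]$ExpectedPublisher
)

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    throw "File not found: $Path"
}

$sig  = Get-AuthenticodeSignature -LiteralPath $Path
$cert = $sig.SignerCertificate

# Common name of the signing certificate; stays empty for unsigned files.
$publisher = ''
if ($cert) {
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = $cert.GetNameInfo($nameType, $false)
}

# 'Valid' means the signature verifies and chains to a trusted root.
# NotSigned, HashMismatch, NotTrusted and the other states all fail here.
$signatureOk = ($sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid)

# Case-sensitive exact match, so look-alike publisher names are rejected.
$publisherOk = $signatureOk -and ($publisher -ceq $ExpectedPublisher)

# Mark of the Web: browsers record the download zone (and often the URL)
# in the Zone.Identifier alternate data stream on NTFS volumes.
$motw    = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
$hostUrl = ($motw | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

[pscustomobject]@{
    File            = (Resolve-Path -LiteralPath $Path).Path
    SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    SignatureStatus = $sig.Status
    Publisher       = $publisher
    DownloadedFrom  = $hostUrl
    PassedChecks    = $publisherOk
}

if (-not $publisherOk) {
    Write-Warning "Do not run this file: signature is '$($sig.Status)' and publisher is '$publisher'."
}
```

If `DownloadedFrom` shows a site other than the vendor's own, treat the file as untrusted even when the signature is valid, and compare `SHA256` with the hash the vendor publishes where one is available.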
Quick Heal successfully detects Bad Rabbit as follows:
Quick Heal Security Labs has presented a detailed analysis of how this ransomware works. You can go through it here.