
Bad Rabbit Ransomware

 

Systems Affected


According to the reports, Bad Rabbit only affects Windows computers.

Threat Level


High


Overview


Users are being infected through ads that display fake Adobe Flash software updates. When the fake update is downloaded and run, the computer is infected with ransomware and the user's files are encrypted.


Description


Once a computer is compromised, the malware attempts to propagate through the network by exploiting the EternalBlue vulnerability in the SMB v1 protocol. In this respect Bad Rabbit behaves similarly to both WannaCry and NotPetya. The cyber criminals behind Bad Rabbit lock computers down and demand 0.05 Bitcoin #( 220) from victims in exchange for the decryption key for their devices. According to the Bad Rabbit ransom screen, the fee will rise in the near future.
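
The network propagation described above shows up in flow or firewall logs as one machine opening SMB (TCP 445) connections to many internal hosts within a short time. The following Python code is an added example, not part of the original advisory; the log format, the 60-second window and the threshold of 5 hosts are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample flow log (assumed format): "timestamp src_ip dst_ip dst_port"
SAMPLE_LOG = """\
2017-10-24T10:00:01 10.0.0.15 10.0.0.20 445
2017-10-24T10:00:02 10.0.0.15 10.0.0.21 445
2017-10-24T10:00:03 10.0.0.15 10.0.0.22 445
2017-10-24T10:00:04 10.0.0.15 10.0.0.23 445
2017-10-24T10:00:05 10.0.0.15 10.0.0.24 445
2017-10-24T10:00:06 10.0.0.15 10.0.0.25 445
2017-10-24T10:00:07 10.0.0.30 10.0.0.5 445
2017-10-24T10:00:30 10.0.0.30 10.0.0.5 445
2017-10-24T10:01:00 10.0.0.40 10.0.0.5 445
2017-10-24T10:06:00 10.0.0.40 10.0.0.6 445
2017-10-24T10:00:09 10.0.0.15 10.0.0.5 443
"""

def smb_fanout(log_text, window=timedelta(seconds=60), threshold=5):
    """Map each source IP to the largest number of distinct internal hosts it
    contacted on TCP 445 inside any one window, keeping sources >= threshold."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        # Only internal SMB traffic is relevant to spread inside the network.
        if int(port) == 445 and ip_address(dst).is_private:
            by_src[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start, best = 0, 0
        for end, (ts, _) in enumerate(events):
            # Slide the window start forward until it spans at most `window`.
            while ts - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, count in smb_fanout(SAMPLE_LOG).items():
        print(f"{src} reached {count} internal hosts on TCP 445 within 60 s")
```

File servers and backup hosts legitimately receive many SMB connections, so the check counts destinations per source rather than connections per destination.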


Impact


Once infected with the ransomware, users will lose access to their computers. They will see a screen stating that the files are encrypted and that, to recover them, users should submit the payment and obtain the decryption password.


Solution/Workarounds


Ensure you apply all updates on all your computers and devices. It's particularly important to apply the latest Microsoft updates. Do not run software updates that are prompted by a third-party site. If you do need to s website. Ensure your anti-virus software is running and up-to-date. Make sure you back up your system. Store your files securely offline. Consider removing Adobe Flash from your computer. This may affect functionality on some websites.


References


https://www.cert.govt.nz/businesses-and-individuals/recent-threats/ransomware-called-bad-rabbit-affecting-international-systems/?utm_medium=email&utm_campaign=Ransomware%20called%20Bad%20Rabbit%20affecting%20international%20systems_215_1508901490&utm_content=Ransomware%20called%20Bad%20Rabbit%20affecting%20international%20systems_215_1508901490+CID_ff3386bd1f90a7b5838f8145c50ab229&utm_source=CM%20emails&utm_term=Read%20the%20full%20advisory
https://www.us-cert.gov/ncas/current-activity/2017/10/24/Multiple-Ransomware-Infections-Reported
https://nakedsecurity.sophos.com/2017/10/24/bad-rabbit-ransomware-outbreak/
https://www.independent.co.uk/life-style/gadgets-and-tech/news/bad-rabbit-latest-ransomware-wannacry-petya-europe-russia-ukraine-turkey-germany-outbreak-a8017911.html


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.