There have been three major international cyberattacks this year that used ransomware to extort money from victims across the globe. It started with the NotPetya and WannaCry worms and has now moved on to a much-improved and dangerous virus called “Bad Rabbit”. Like its counterparts, the apparent ransomware is attacking corporate networks.
According to a report, initial targets include Kiev’s public transportation system and Ukraine’s Ministry of Infrastructure. Russia quickly issued an official update regarding the situation claiming it was hacked by the “Bad Rabbit”. Work on restoring systems began instantly, but things seem to be getting worse as numerous isolated reports reveal the infections spreading worldwide.
So far, Bad Rabbit has made its way into the US, South Korea, Poland, Germany, Japan, Bulgaria, and Turkey. According to reports from Kaspersky, the ransomware has ties to NotPetya and ExPetr, and it follows the trend of targeting media outlets too (the virus attacked Russian news group Fontanka.ru). Continue reading to learn how the ransomware spreads and what you can do to protect yourself!
How Does the “Bad Rabbit” Ransomware Spread?
Unlike previous epidemics, the ransomware does not spread by passive means; instead, it requires a prospective victim to download and execute a bogus Adobe Flash update. Once the program is launched, the virus spreads vigorously, using the open-source tool Mimikatz to find any login credentials stored on the machine and then encrypting all data.
The virus then uses the same credentials for spreading the ransomware to other machines. According to a recent discovery, there have also been indications of Bad Rabbit using NSA’s EternalBlue tool, common in previous WannaCry and NotPetya attacks. However, there have been contradicting statements claiming the virus simply uses stolen passwords for spreading.
Regardless of the method of attack, once Bad Rabbit spreads on a laptop/computer, the machine shuts down completely. Within seconds, you will see a screen demanding 0.05 Bitcoin (£220) from victims in exchange for the restoration of their devices. We strongly advise against paying the ransom, as it encourages more attacks. In addition, there is no guarantee the hackers will honor their word even if you pay the sum. The only solution is to remove the malware, for which you need to read the next section.
How to Protect your Computer against Bad Rabbit?
As mentioned earlier, the Bad Rabbit ransomware spreads online by posing as an Adobe Flash installer. This means it is crucial that you abstain from downloading any kind of software/utility/add-on/extension from pop-up advertisements or websites that do not have any link to the official software company. This attack also serves as a good example of why users should avoid installing pirated applications.
Another way is to make sure that your computer uses the latest version of your anti-virus or anti-malware software. Products like Kaspersky, ESET, and Malwarebytes regularly update their virus signature databases to protect against the latest threats. Most importantly, follow the wise words of Amit Serper (researcher at Cybereason) for immunizing your computer against the Bad Rabbit infection.
I can confirm – Vaccination for #badrabbit:
Create the following files c:\windows\infpub.dat && c:\windows\cscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated. 🙂 pic.twitter.com/5sXIyX3QJl
— Amit Serper (@0xAmit) October 24, 2017
You will need administrator rights to perform this action on Windows. However, if you need step-by-step guidance, read this detailed blog to walk through the process. If this does not work, there are plenty more tips available for protecting yourself against Bad Rabbit.
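The steps from the tweet can be scripted in an elevated PowerShell session. The script below is an added example, not code from Amit Serper or from the blog mentioned above; the function name `Protect-MarkerFile` is hypothetical, and refusing to touch a file that already exists with content is an added precaution, not part of the original advice.

```powershell
#Requires -RunAsAdministrator
# Added example: creates the two files named in the tweet and strips every permission.
$markers = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'   # paths taken from the tweet

function Protect-MarkerFile {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (Test-Path -LiteralPath $Path) {
        # A non-empty file here was not created by this script: report it, do not modify it.
        if ((Get-Item -LiteralPath $Path -Force).Length -gt 0) {
            Write-Warning "$Path already exists and is not empty; investigate before changing it."
            return $false
        }
    } else {
        New-Item -ItemType File -Path $Path | Out-Null       # empty placeholder file
    }

    $acl = Get-Acl -LiteralPath $Path
    # $true  = stop inheriting permissions from C:\Windows
    # $false = do not keep copies of the inherited entries
    $acl.SetAccessRuleProtection($true, $false)
    # Drop any explicit entries as well, so the permission list ends up empty.
    $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
    foreach ($rule in $explicit) { [void]$acl.RemoveAccessRule($rule) }
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Re-read the ACL and confirm: inheritance blocked and no access entries left.
    $check = Get-Acl -LiteralPath $Path
    return ($check.AreAccessRulesProtected -and @($check.Access).Count -eq 0)
}

foreach ($m in $markers) {
    $ok = Protect-MarkerFile -Path $m
    '{0,-24} vaccinated: {1}' -f $m, $ok
}
```

Both lines should end in `True`. To undo the change later, the file owner (an administrator) can restore inheritance on the two files or delete them.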
The sudden surge in cyberattacks worldwide raises huge concerns in the field of online and enterprise security. The last thing anyone needs is their data being encrypted and inaccessible until they pay a huge ransom. So, if you want to protect yourself, make sure to follow the guide above for vaccinating your PC. It is time we get this Bad Rabbit situation under control. Best of luck, people!