Bad Rabbit is the latest ransomware currently ravishing Russian computer networks
2 min. read
Published on
Share this article
Improve this guide
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Russian companies are under attack from a new ransomware variant dubbed Bad Rabbit.
Spread via infected web pages belonging to Russian media, the malware has already hit hundreds of targets in Russia, Ukraine, Eastern Europe and even Turkey.
This included taking down Interfax, the Russian news agency and the Odessa airport in the Ukraine.
“According to our data, most of the victims targeted by these attacks are located in Russia. We have also seen similar but fewer attacks in Ukraine, Turkey and Germany. This ransomware infects devices through a number of hacked Russian media websites,” said Kaspersky Lab’s Vyacheslav Zakorzhevsky, the head of the anti-malware research team, in a statement. “Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the ExPetr[NotPetya] attack. However we cannot confirm it is related to [NotPetya].”
Those struck have important data files encrypted and are asked to pay 0.05 bitcoins (around $282) via a hidden service on the Tor dark web, or face having to pay more within 40 hours.
Currently, very few antivirus companies detect Bad Rabbit, which is delivered via a fake Adobe Flash update which may be signed and which has to be manually executed by the victim. It is however also spread horizontally in networks like WannaCry by brute forcing common network passwords, meaning a single careless person could place whole companies at risk.
Numerous anti-virus companies are however gearing up to defend against the attack, though it remains to be seen if the infection, which has spread as far as Germany, can be fully contained. This includes Microsoft’s Malware Protection Centre, who are actively investigating the infestation.
New ransomware #BadRabbit emerging. We’re actively investigating and will have more information to share soon.
— Microsoft Threat Intelligence (@MsftSecIntel) October 24, 2017
Windows Defender is one of the tools which can detect the infection.
Windows Defender Antivirus signatures for #badrabbit (Ransom:Win32/Tibbar.A) are now available in 1.255.29.0 and higher.
— Microsoft Threat Intelligence (@MsftSecIntel) October 24, 2017
Hopefully, remediation following the WannaCry scare early this year will mean there are now much fewer vulnerable PCs than before. Microsoft’s most consistent advice has always been to keep PCs updated to the latest version of all software, which should include the latest multi-layers security and mitigation technologies.
Via Vice.com
