A new ransomware, dubbed Bad Rabbit, was first spotted on 24th October 2017. The ransomware is the third major spread of malware this year: it follows the wider-reaching WannaCry and NotPetya strains of malicious code. Here’s what we know about Bad Rabbit so far.
The latest strain of ransomware, “Bad Rabbit”, began spreading across Russia and Ukraine, and there have also been various reports of infections in Turkey, Bulgaria, Japan, Germany, Poland, South Korea and the United States.
The Bad Rabbit ransomware enters a network when a user on that network runs a phony Adobe Flash Player installer posted on a hacked website. Once Bad Rabbit has infected its first machine within a network, it uses an open-source tool to find any login credentials stored on that machine, so it can spread to other machines in your organisation.
Adobe’s 2020 deadline for the end of Flash can’t arrive soon enough!
If a person does click on the malicious installer – and given the number of Flash updates issued this is highly probable – their computer locks. After the virus has spread as much as it can on the network, Bad Rabbit encrypts all files and posts a ransom note instructing the victim to pay 0.05 Bitcoin (about €235/$280/£213) to a specific Bitcoin wallet to decrypt the files.
SO FAR – Unlike WannaCry and NotPetya, Bad Rabbit hasn’t spread widely. The majority of incidents have been recorded in Russia and Ukraine. Kaspersky states that “all” of the compromised websites it has seen so far have been news or media outlets.
Here are some tips on how to avoid becoming the next victim of Bad Rabbit malware:
- Disable Adobe Flash Player and ignore installer prompts.
- Back up any important data. This reduces the leverage the hackers gain by encrypting valuable files and making them inaccessible.