News Express #1 Bad Rabbit: A dangerous ransomware after WannaCry and ExPetr attacks.

mann (61)in #blog • 7 years ago (edited)

After the arrival of WannaCry and ExPetr, a new ransomware attack 'Bad Rabbit' is spreading online. Malicious software has hit Russia yet, although it has been reported in the attacks in Germany, Ukraine, and Turkey. Underground metro of Kiev's, Odessa International Airport in Ukraine & Russian websites Interfax and Fontanka are among those who have been affected so far. Like WannaCry, the virus decides to encrypt the documents on a computer and pay them to unlock them again. The current ruins are being accused of 0.05 bitcoin, which is equivalent to 220 pounds.
Cybersecurity firm Kaspersky Lab says it is investigating the attacks and claims that malware is being downloaded accidentally by victims through fake adobe flash installation file. Kaspersky Labs suggests that computer users back up their data, and warn the victims not to pay the ransom.

According to Kaspersky,

It is a drive-by attack: Victims download a fake Adobe Flash installer from infected websites and manually launch the .exe file, thus infecting themselves. Our researchers have detected a number of compromised websites, all news or media sites. Whether it’s possible to get back files encrypted by Bad Rabbit (either by paying the ransom or by using some glitch in the ransomware code) isn’t yet known. Kaspersky Lab antivirus experts are investigating the attack, and we will be updating this post with their findings.

(To avoid becoming a victim of Bad Rabbit, use Kaspersky & make sure have System Watcher and Kaspersky Security Network running.)

For other users:

Block the execution of files c:\windows\infpub.dat and c:\Windows\cscc.dat.

Disable WMI service (if it’s possible in your environment) to prevent the malware from spreading over your network.