Ransomware Variants: “BadRabbit”

A new type of ransomware has appeared in Russia, Ukraine and several European regions, named BadRabbit.

This ransomware pretends to be an Adobe Flash installer available for download while people are visiting a compromised legitimate website. Once it is downloaded and executed, it will encrypt the computer immediately or at the next start up.

Impact

BadRabbit

• Has to be executed manually by the user with administrator privilege of the computer
• Encrypts files on the infected system and demands Bitcoin from victims in exchange for device restoration
• Scans the victim’s home or office network to spread to other computers in the same network

Actions Preventing BadRabbit Attack

1. Do not download or execute files from unknown / untrusted sources.
2. Minimize the number of users who have administrator privileges and minimize the use of administrator account in daily user operation.
3. Use customized user name and ensure a “strong” password.
4. Do not open links and attachment in any suspicious emails.
5. Ensure PC has up-to-date Windows patches and latest anti-virus signatures.
6. Backup your files regularly and keep them in a separate and safe place.

As a Victim:

Please DO NOT respond to any kidnapper by attempting payment and instead to report the incident to ITSC and the Police.

Reference:

• HKCERT – New Ransomware “BadRabbit”
  https://www.hkcert.org/my_url/en/blog/17102501
• US-CERT – Multiple Ransomware Infections Reported
  https://www.us-cert.gov/ncas/current-activity/2017/10/24/Multiple-Ransomware-Infections-Reported
• SANS – BadRabbit : New Ransomware wave hitting RU & UA
  https://isc.sans.edu/diary/rss/22964
• Other Ransomware Variants

Please visit here for more Information Security tips.

Created on: 30 Oct 2017