There's a new ransomware called Bad Rabbit that has been spreading via compromised websites. Although primarily affecting Russia, Ukraine, Turkey and Germany, it's believed that it could spread further. A number of websites have been found to be compromised by the ransomware's authors, who appear to have targeted websites that make use of videos on their pages (such as news and gossip sites). When a user visits these pages they will be told they either need to update their Adobe Flash Player or they need to install Flash Player, but the file that they download and run is actually the ransomware masquerading as Adobe Flash Player files.
Once the file is installed it will attempt a brute force attack on the network and try to spread to other computers. Once that has been completed, it encrypts not only the files on the infected computer but also the master boot record. This means that not only can you not recover your files from the hard drive, you cannot even access your operating system due to the encrypted master boot record.
Bad Rabbit will demand 0.05 Bitcoin as the ransom which, at time of writing, is close to $300. It shows very similar characteristics to the NotPetya malware which spread rapidly in June 2017. This has raised concerns as to whether Bad Rabbit is a ransomware or if it's a wiper like NotPetya was. It does not appear to exploit vulnerabilities so there are no patches users can implement at this time, and it mainly relies on social engineering to trick people into downloading and installing the malware.
How to protect your computer and data?
- Make a full backup of everything on your computer
- Use an up-to-date, reputable antivirus. Make sure it's not a rogue security system (fake antivirus)
- Avoid Flash Player updates or installation downloads until this matter has been resolved. If you must update or install Flash Player, make sure to get it from the Adobe website itself and not from other websites.
- Be careful of suspicious or unsolicited emails. Bad Rabbit has not been found to spread via email but the attackers could turn to it as a method of spreading the malware. Don't be afraid to question any emails that you feel even slightly suspicious about, even if they appear to come from a legitimate source. If you are suspicious of an email, do not click on any links or open any attachments in it until you have confirmed its legitimacy.
- Implement the latest patches for your system when they get released (Microsoft usually release patches every Tuesday). This is to ensure that you are protected against the latest known vulnerabilities that the attackers may try to exploit at a later stage.