Bad Rabbit Ransomware Initially Hits Europe, Now Going Global
The US Government alerted the public about a ransomware attack that originated in Russia and Ukraine and is now spreading globally. Targeting individuals, businesses, government agencies and medical institutions, the hackers restrict your access and demand ransom money to give that access back.
This ransomware disguises itself as an Adobe update and locks down infected PCs. Once the PC is completely locked down, negotiation to regain access begins once you agree to pay the ransom. The attack initially targeted Russian media as well as Ukrainian transport systems. Other countries such as Japan, the US, and Germany reported the same issues. According to a statement released by the US Computer Emergency Readiness Team, the team “has received multiple reports of ransomware infections … in many countries around the world.”
This highly virulent ransomware, named “Bad Rabbit”, is a new gimmick for cybercriminals to demand ransom money. Similar attacks such as NotPetya and WannaCry used the same strategies to extort money from victims. Bad Rabbit infects a computer, denies access to files and shows a pop-up button to negotiate the ransom. However, experts and government agencies advised victims to refuse to pay up. We are dealing with criminals here, and there’s no guarantee that you’ll get your files back.
Just this Tuesday, Russian media groups Interfax and Fontanka were attacked. In Ukraine, Odessa’s airport, Kiev’s subway and the Ministry of Infrastructure of Ukraine showed the same symptoms. These reports were all confirmed by the Russian cybersecurity firm Group-IB. Interfax servers shut down due to the cyberattack, which seems to have been launched in Europe initially. Affected countries are Ukraine, Russia, Germany, and Turkey. ESET, a cybersecurity firm, stated that Bad Rabbit infections have been seen in Japan and Bulgaria. Avast told the media that the ransomware has just infected US computers, as well as computers in South Korea and Poland.
While this might be a smaller version of previous attacks like NotPetya, it follows the same dirty game plan. Vyacheslav Zakorzhevsky, head of the anti-malware research team at Kaspersky Lab, confirmed that Bad Rabbit targeted corporate networks using the same methods as NotPetya.
The Bad Rabbit ransomware invades computers by imitating an Adobe Flash installer served from another affected media website. This is why you should be wary of downloading apps or software from pop-up ads. Avoid clicking links to external websites that do not belong to your software provider.
ESET found that once a machine is compromised by the ransomware, it scans the network for shared folders. It looks for common names and tries to steal credentials so that it can infect more computers.
The good news is that most antivirus software can detect the Bad Rabbit ransomware. One such product is Windows Defender, a well-known tool for defending machines from infection. A Cybereason researcher patented a “remedy” which can stop this ransomware invasion.
Luckily, James Emery-Callcott, a malware researcher, said that the ransomware attack is dying down. Callcott observed that the attacker’s server is no longer active and most of the affected sites which host the script display the Flash update prompt. “Fake Flash updates are an incredibly popular method of distributing malware these days. Hopefully, people will start to realize that when you get an unsolicited Flash update, it’s generally going to be bad,” Callcott added.