Reports have started to surface that a new strain of ransomware is spreading through Russia and Europe. This ransomware is called Bad Rabbit; it first surfaced in Russia and Ukraine and is now starting to spread through Turkey and Germany, but it is not yet fully known how far it has spread.
Targets attacked and infected by Bad Rabbit so far include Ukraine’s Ministry of Infrastructure, Kiev’s public transportation system, and the Russian news outlets Fontanka.ru and Interfax.
Bad Rabbit appears to be targeting news and media outlets along with corporate networks, a pattern similar to the ExPetr attack. Yet it cannot be confirmed whether the ExPetr and Bad Rabbit attacks are related.
Bad Rabbit infects a computer by first requiring the potential victim to download and run a fake Adobe Flash Player installer, thereby infecting themselves. The fake installer is offered to the user when they visit a compromised website; most of the websites compromised to distribute Bad Rabbit are Russian news agencies.
The hackers who created the Bad Rabbit ransomware must have been fans of the television show Game of Thrones, as throughout the malware there are references to Daenerys Targaryen’s dragons and Grey Worm.
Computers infected with the Bad Rabbit ransomware are directed to a .onion Tor site where the user is asked to pay 0.05 Bitcoin (roughly $280) to release all of their encrypted files and data. The .onion site also shows a countdown timer, after which the requested ransom amount goes up.
At this point it is not certain whether the Bad Rabbit malware will decrypt all of the user’s encrypted files once the ransom has been received, although researchers have performed tests and believe that Bad Rabbit is unlike the WannaCry malware, which wipes all of the user’s data and files.
It is always recommended that anyone infected with ransomware not pay the ransom, as there is no guarantee that once you have paid your data and files will be decrypted and returned to you.
One way to be proactive and avoid falling victim to the Bad Rabbit ransomware is to create a c:\windows\infpub.dat file and remove all of its write permissions. This will prevent the Bad Rabbit malware from encrypting your files if it ever reaches your machine.
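As an added illustration of the mitigation just described (example code written for this page, not taken from the article or its sources), the PowerShell below creates the file and strips write access from it; the function names and the choice of a Deny entry for Everyone are this example’s own.

```powershell
# Added example, not from the article: applies the infpub.dat "vaccine"
# the article describes. Run from an elevated PowerShell session on the
# machine being protected.

$VaccinePath = 'C:\Windows\infpub.dat'   # path named in the article

function Set-BadRabbitVaccine {
    param([string]$Path = $VaccinePath)

    # 1. Create the placeholder file if it is not already there.
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path -Force | Out-Null
    }

    # 2. Break ACL inheritance without copying the inherited entries,
    #    so the file no longer inherits the write rights of C:\Windows.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # 3. Re-read the ACL and drop any remaining explicit entries.
    $acl = Get-Acl -LiteralPath $Path
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($rule)
    }

    # 4. Add an explicit Deny for Write and Delete to Everyone. Deny
    #    entries are evaluated before Allow entries, so the file cannot
    #    be overwritten or replaced by a normal file write.
    $deny = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList 'Everyone', 'Write, Delete', 'Deny'
    $acl.AddAccessRule($deny)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-BadRabbitVaccine {
    param([string]$Path = $VaccinePath)
    # Returns $true when the file exists and carries the Deny-write entry.
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $writeBit = [int][System.Security.AccessControl.FileSystemRights]::Write
    $acl = Get-Acl -LiteralPath $Path
    [bool]($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq 'Everyone' -and
        (([int]$_.FileSystemRights -band $writeBit) -ne 0)
    })
}

Set-BadRabbitVaccine
Test-BadRabbitVaccine   # expected: True once the vaccine is in place
```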
The Bad Rabbit malware bears a resemblance to the WannaCry and Petya attacks that spread around the world earlier this year.
At this time not all anti-virus and anti-malware tools are able to detect the Bad Rabbit malware, allowing it to go undetected and continue to infect users’ computers. Given this level of severity, it is important to take proactive measures and not download files from any untrusted sources on the internet.