SAT News: Bad Rabbit: New Ransomware Reminiscent of Petya

A widespread ransomware attack dubbed "Bad Rabbit" is spreading through Europe and has already affected over 200 major organizations, primarily in Russia, Ukraine, Turkey, and Germany. The Petya-like attack is demanding 0.05 bitcoin (~285) as ransom to unlock systems with a 40-hour timer before the price increases.

According to initial analysis, this ransomware was being distributed via drive-by download attacks, using fake Adobe Flash player installs in order to lure unsuspecting victims into installing the malware.

Additionally, ESET believes this new wave of attack is using the EternalBlue exploit in order to spread throughout networks. Along with a hardcoded list of commonly used credentials, Bad Rabbit ransomware also uses the Mimikatz post-exploitation tool to extract credentials from the affected systems.

Since Bad Rabbit is taking advantage of the EternalBlue vulnerability to spread, it is highly recommended that users apply the Microsoft issued patches ASAP. Another suggestion would be to disable WMI service to prevent the malware from spreading over the network.

As always, with any ransomware attack spread through phishing emails, malicious advertisements, and third-party apps, always use caution when opening documents and clicking links in order to safeguard against these types of attacks.

Finally, it is recommended to keep a good backup routine in place that makes copies to an external storage device that is kept off site as a quick snapshot to a previous backup can save a lot of time and money.

For more on how to keep your information safe, click here.

Nuspire Insights

Nuspire Infographic

Contact Us

Leave this empty: