What is Bad Rabbit Attack? And how to prevent it?

On Tuesday many security researchers reported a new wave of potentially destructive ransomware, known as Bad Rabbit. The attack spread quickly across computer systems in Eastern Europe, including targets in Russia and Ukraine, and has also been detected in the United States.
Early analysis showed a damage pattern similar to the Petya/NotPetya wiper attack that spread earlier this year.
           
According to the report published by Kaspersky:
  • Bad Rabbit is a previously unknown ransomware family.
  • The ransomware dropper was distributed by drive-by attacks: while the target is visiting a legitimate website, a malware dropper is downloaded from the threat actor's infrastructure.
  • The most important point is that no exploits were used.
  • Because no exploits were used, the victim has to manually execute the malware dropper, which pretends to be an Adobe Flash installer.
  • Once the victim runs it, Bad Rabbit begins to compromise the machine. After the ransomware is installed, the victim is presented with a black screen with red text, similar to the Petya ransom note.
               

 
As the above image shows, the text simply informs you that all of your user files have been accessed and encrypted. The attacker then demands that the victim pay a ransom of 0.05 Bitcoin, or about $280 (18,902 Rs), in order to regain access to their files.



The image above also shows a countdown timer on the screen, threatening that the ransom price will increase when the clock hits zero.

So far Russia is the country hit hardest by Bad Rabbit, with over half of the victims located there, including the Moscow-based news agency Interfax (Reuters).
Ukraine, Bulgaria, Turkey and Japan have also been affected, with systems failing at Ukraine's Kiev Metro and the Odessa International Airport.
The image below shows how badly the ransomware has affected each country.



Twitter users have also noticed that the creators of Bad Rabbit made references to characters from "Game of Thrones", including "Dragon" and "Grey Worm".
  

Now the most important question is: how can we protect ourselves from this attack?
Security experts are still analyzing the Bad Rabbit ransomware; in the meantime, malware researchers from Kaspersky suggest disabling the WMI (Windows Management Instrumentation) service to prevent the malware from spreading across the network, and blocking the execution of the malware's files.

Cse experts also pointed out that the file C:\Windows\cscc.dat could be considered a kill switch for Bad Rabbit: its presence halts the infection process.

To protect your system against this threat:
  • Create two empty files: C:\Windows\infpub.dat and C:\Windows\cscc.dat
  • Remove all permissions on both files. When doing this, also remove inheritance, so the files do not inherit the permissions of the C:\Windows folder.
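The two steps above, carried out from an elevated (Administrator) PowerShell session, as an added example that is not part of the original post: it creates both files, turns off inheritance without copying the inherited entries onto the files, removes any access entries that remain, and then checks that each file ended up with an empty DACL. The function names are my own.

```powershell
# Added example, not from the original post. Run as Administrator.
# Creates the two "vaccine" files named in the post and removes every
# permission and all inheritance from them, then verifies the result.
#Requires -RunAsAdministrator

$VaccineFiles = @('C:\Windows\infpub.dat', 'C:\Windows\cscc.dat')

function Protect-VaccineFile {
    param([Parameter(Mandatory)][string]$Path)

    # Step 1: create the (empty) file if it does not exist yet.
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path -Force | Out-Null
    }

    # Step 2: disable inheritance. The second argument ($false) discards the
    # inherited entries instead of copying them onto the file as explicit ones.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)

    # Step 3: drop any explicit entries that are still present so that no
    # account holds an access grant. @() copies the collection before we modify it.
    foreach ($rule in @($acl.Access)) {
        [void]$acl.RemoveAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-VaccineFile {
    param([Parameter(Mandatory)][string]$Path)
    # $true only if the file exists, inheritance is off and the DACL is empty.
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $acl = Get-Acl -LiteralPath $Path
    return ($acl.AreAccessRulesProtected -and (@($acl.Access).Count -eq 0))
}

foreach ($file in $VaccineFiles) {
    Protect-VaccineFile -Path $file
    $state = if (Test-VaccineFile -Path $file) { 'hardened' } else { 'CHECK MANUALLY' }
    Write-Host ("{0}: {1}" -f $file, $state)
}
```

Re-running the script is safe: existing files are left in place and only their ACL is re-applied.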
