Wednesday, 25 October 2017

Bad Rabbit ransomware is a worrying new threat spreading across Europe

A new strain of ransomware is spreading across Europe at a fast enough pace to elicit worried noises from security companies – and initial comparisons with NotPetya – with at least five countries reportedly affected so far.

Called Bad Rabbit, the malware initially struck computers mostly in Russia, and also Ukraine, Bulgaria, Turkey and Germany. Of course, it’s not unthinkable that the UK could end up in danger here (and perhaps countries further afield, eventually).

Security firm Kaspersky’s research suggests this is an attack on corporate networks, and has affected the Interfax news agency and other publishers over in Russia. In Ukraine, Kiev’s public transport system was also reportedly hit, as was the government (Ministry of Infrastructure). Odessa airport has apparently been affected, too.

The malware demands a ransom of 0.05 Bitcoin as payment to unlock files which have been maliciously encrypted, which is about £215, $280, or AU$365. As ever, there’s a time limit in which the user must pay up, following the expiry of which the amount demanded increases.

Kaspersky further observes that Bad Rabbit employs “methods similar to those used in the ExPetr [aka Petya or NotPetya] attack”, but the company wouldn’t go as far to confirm that it is related to ExPetr.

Another security outfit, ESET, suggested that this particular nasty is a strain of Diskcoder, which is a new spin on Petya.

Fake Flash

Initial infection of Bad Rabbit occurs via a fake Adobe Flash installer offered up for download, which carries the malware that’s triggered upon firing up the EXE file. As the Register reports, the ransomware then tries to spread itself across the network, scanning for SMB shares (SMB stands for Server Message Block – a file sharing protocol in Windows).

At this point, this does not appear to be another cyber-crisis on the scale of WannaCry (which struck back in May) or NotPetya, but there’s time for it to brew into something more calamitous yet.

Of course, the initial infection can be avoided simply by not downloading or double-clicking the malware-laden EXE, and indeed according to reports, some antivirus programs will prevent the ransomware attack anyway (not that this is a risk you want to take, obviously).

If you are ever unfortunate enough to be affected by ransomware, it’s not a good idea to pay up as we discuss in this article. Your best bet is to hunt for an alternative solution, and often security companies will concoct and provide antidotes for common ransomware strains.

Meanwhile, it’s also worth remembering that Microsoft has bolstered Windows 10 with fresh ransomware protection in the latest Fall Creators Update.

  • It’s always good to have one of the best antivirus solutions on your PC
http://ift.tt/2yMNiND

No comments:

Post a Comment