HOT LINE 1654

Alerts

Bad Rabbit Ransomware

24 Oct 2017

A new ransomware known as Bad Rabbit appears to be spreading across more than 200 countries worldwide. The ransomware is identified on infected systems under names such as “Win32/Diskcoder.D”, “Trojan-Ransom.Win32.Gen.f”, “Win32/Tibbar” and “Troj/Ransom-ERK”.

It does not exploit software vulnerabilities to gain initial access, but relies on the traditional click-and-infect method: it tricks victims into downloading a fake Adobe Flash installer when they visit compromised websites. Once inside, the ransomware uses EternalRomance, a remote code execution exploit, to spread itself within the infected organisation’s network over the Windows file-sharing (SMB) protocol, bypassing security over file-sharing connections and enabling remote code execution on Windows clients and servers.
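Because the initial infection depends on a user running an installer downloaded from a compromised site, one practical defensive check is to verify the Authenticode signature of any installer before it is executed. The following PowerShell function is an added example and is not part of the original alert; it assumes a file path and an expected signer substring (here `Adobe`, as a placeholder) and reports a file as trusted only when the signature chain is valid and the signer matches.

```powershell
# Added example (not from the original alert): verify a downloaded installer before
# running it. A fake "Flash installer" served from a compromised site will typically be
# unsigned or signed by someone other than the expected publisher.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: substring expected in the signer certificate subject. Adjust per vendor.
        [string] $ExpectedSigner = 'Adobe'
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'Missing'; Signer = $null; Trusted = $false }
    }
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    # Only a chain that validates to a trusted root AND a signer we expect counts as trusted.
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedSigner*")
    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        Signer  = $signer
        Trusted = $trusted
    }
}

# Usage: review every executable in the current user's Downloads folder and list
# anything that is not trusted so it can be quarantined instead of run.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -File |
    ForEach-Object { Test-InstallerSignature -Path $_.FullName } |
    Where-Object { -not $_.Trusted } |
    Format-Table -AutoSize
```

A valid signature alone is not proof of safety (stolen certificates exist), which is why the check also requires the signer to match the publisher the user actually intended to install from.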

Bad Rabbit behaves like other ransomware: it encrypts files and prevents the owner from accessing them. Personal, sensitive, or proprietary information may be lost through a ransomware infection. This ransomware encrypts commonly used data files, including Word documents and multimedia files (e.g. image, video and audio files). A ransom note is then displayed on the infected machine. The victim is expected to pay 0.05 bitcoin (estimated to be about USD$285 at the current rate) as ransom to unlock their system. Cyber Security Center recommends:

    • Avoid the malicious websites listed above in the "Known Compromised Websites" section.
    • Ensure that your Windows-based systems are fully patched. In particular, security update MS17-010 should be applied.
    • Do not click on suspicious links to websites that you do not recognise or are sent from people you do not know. These websites may contain malicious codes that infect a visitor’s computer with ransomware.
    • Disable WMI service (if it’s possible in your environment) to prevent the malware from spreading over your network.
    • More importantly, do not download software from unofficial or disreputable sources. Such software—especially pirated software—may have ransomware or other malicious software bundled with it.
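The patching and WMI recommendations above can be checked from a single read-only PowerShell script. The script below is an added example, not part of the original alert; it assumes an elevated session on each Windows host, and the KB identifiers it lists are the packages Microsoft published for MS17-010 (they do not come from this page, and later cumulative updates may also satisfy MS17-010, so a "not detected" result means "verify via update history", not confirmed exposure).

```powershell
# Added example (not from the original alert): read-only posture check for the
# Bad Rabbit recommendations. Run in an elevated PowerShell session.
# Assumption: these are Microsoft's MS17-010 package IDs per Windows version.
$Ms17010Kbs = @(
    'KB4012212','KB4012215',              # Windows 7 / Server 2008 R2 (security-only, monthly rollup)
    'KB4012213','KB4012216',              # Windows 8.1 / Server 2012 R2
    'KB4012214','KB4012217',              # Server 2012
    'KB4012606','KB4013198','KB4013429',  # Windows 10 1507 / 1511 / 1607
    'KB4012598'                           # Windows XP / Vista / Server 2003 / 2008 (out-of-band)
)

function Get-BadRabbitPosture {
    # 1. MS17-010: is any of the known KB packages installed on this host?
    $installed = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Ms17010Kbs -contains $_.HotFixID }

    # 2. SMBv1: the file-sharing protocol version EternalRomance abuses. Disabled is the safe state.
    $smb1 = $null
    try { $smb1 = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol } catch {}

    # 3. WMI service (Winmgmt): the alert suggests disabling it where the environment allows.
    $wmi = Get-Service -Name Winmgmt -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        MS17010Installed = [bool]$installed
        MS17010KBs       = ($installed | ForEach-Object HotFixID) -join ','
        SMB1Enabled      = $smb1
        WmiServiceStatus = if ($wmi) { $wmi.Status } else { 'NotFound' }
        WmiStartType     = if ($wmi) { $wmi.StartType } else { 'NotFound' }
    }
}

$posture = Get-BadRabbitPosture
$posture | Format-List

# Flag the findings a responder would act on; remediation commands are shown, not executed.
if (-not $posture.MS17010Installed) {
    Write-Warning 'MS17-010 not detected: confirm patch level via Windows Update history.'
}
if ($posture.SMB1Enabled -eq $true) {
    Write-Warning 'SMBv1 is enabled: disable it with Set-SmbServerConfiguration -EnableSMB1Protocol $false.'
}
if ($posture.WmiServiceStatus -eq 'Running') {
    Write-Warning 'WMI service is running: evaluate whether it can be disabled (Set-Service Winmgmt -StartupType Disabled).'
}
```

The script only reports; disabling SMBv1 or the WMI service should be a deliberate change, since many management tools depend on WMI and some legacy devices still require SMBv1.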