'Bad Rabbit' ransomware hits multiple countries in large-scale cyberattack


No infection reports related to the Bad Rabbit ransomware attack have been received so far from Azerbaijan's state structures, a source in the Community Emergency Response Team (CERT) under the Special Communication and Information Security State Agency of the country's Special State Protection Service told Trend on October 25.

An emerging ransomware attack, Bad Rabbit, has infected systems across the Russian Federation and Ukraine and is spreading across the globe - even as firms are still recovering from recent widespread disruption caused by the devastating WannaCry and Petya cyber attacks. Similar but fewer attacks have also been seen in other countries - Ukraine, Turkey and Germany.

The ransomware makes the data stored on infected computers inaccessible by encrypting it and demands a ransom payable in Bitcoin for the keys needed to decrypt the data.

Looking ahead, Palo Alto says that because the initial attack vector is bogus updates, Bad Rabbit attacks can be prevented by getting Adobe Flash updates only from the Adobe website. At the end of June, a ransomware attack caused by the computer virus "NotPetya", which had begun in the Russian Federation and Ukraine, affected thousands of computers around the world.

As always, U.S. officials are urging victims not to pay the ransom as there is no guarantee whatsoever that the hackers will give you the encryption key.

The Bad Rabbit ransomware infiltrated computers by posing as an Adobe Flash installer on compromised news and media websites.

It is believed to be behind the trouble and has spread to Russia, Ukraine, Turkey and Germany. "By teaching your users not to simply click on any link that is presented to them, you may be able to limit your exposure", he said. The Flash download has been installed in websites using JavaScript injected into the HTML or Java files of the affected websites.

"While Bad Rabbit does have worm capabilities, it spreads using mostly legitimate methods of lateral movement across a Windows network".

The malware experts ruled out that the Bad Rabbit ransomware uses the EternalBlue exploit.

Jakub Kroustek, malware analyst at Avast Software s.r.o., agreed that there is a relationship with previous forms of malware, saying that "we're classifying Bad Rabbit as malware, with code resembling NotPetya". While it's not clear who is behind Bad Rabbit, one thing is for certain - they are fans of Game of Thrones.

"Some might say - why after WannaCry and NotPetya are systems still unpatched?" Code used in the malware contains the names of different characters from the series.

According to malware researcher James Emery-Callcott, the ransomware campaign is slowly dying down.

While the scale of the Bad Rabbit attack remains to be seen, it further highlights the urgent need for firms to leverage re/insurance capacity to cover growing cyber threats. "Hopefully people will start to realize that when you get an unsolicited Flash update, it's generally going to be bad".
