Earlier this year, two large-scale ransomware attacks, WannaCry and Petya, wreaked havoc around the world. Making headlines this week is the emergence of a dangerous new ransomware, dubbed ‘Bad Rabbit’, a suspected variant of the Petya attack.
With several Russian media outlets and Ukraine’s Odessa International Airport infected first, the malware has now reached the US, Germany and Turkey. As Bad Rabbit continues to spread, make sure you understand how this new cyber-attack operates, and just how to avoid it.
What is Ransomware?
Ransomware is a type of malware that holds files “hostage” on a computer using encryption. Encryption converts files into another format which can only be decoded by a specific key. Once the ransomware is installed, it displays a message, claiming the computer will remain locked until a certain dollar amount is paid within a certain time frame. Cyber criminals then hold your files ransom by promising to provide the decryption key after payment is made.
What is Bad Rabbit?
The ‘Bad Rabbit’ attack occurs when a target visits a legitimate website, which in turn has a malware dropper downloaded onto it from an attacker’s infrastructure. A malware dropper is a type of hidden malware, which launches viruses after they are manually installed. In this case, Bad Rabbit masquerades as an Adobe Flash update on a website, which allows the malware to be installed after a user innocently clicks it. Once installed, the ransomware encrypts a victim’s files and disk, leaving their data completely inaccessible and unrecoverable.
Once infected, victims are directed to a ransom demand of 0.05 bitcoin – currently AUD $389 – to be paid within 40 days. Worryingly, experts have found that some of the code in Bad Rabbit was seen in the Petya attack this June. Other similarities include the use of the same list of domains, along with the techniques used to spread the malware through networks.
How to avoid it
To protect yourself against Bad Rabbit and future malware attacks, ensure you install the latest security software patch, continue to back up data and use proper antivirus software services. Thankfully, Webroot have announced their SecureAnywhere Endpoint Protection solution already protects against this ransomware variant through their Threat Intelligence Network.
A new trick has also been discovered by security researcher Amit Serper, who explains that all you need to do is create two files and remove all permissions for them. This means that even if you come into contact with Bad Rabbit, it will not be able to cause any damage.
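One way to carry out the "create two files and remove all permissions" step on Windows, as an added example that is not from the original article or from the researcher. The function name is hypothetical, and the two file paths are not given on this page, so they are passed in by the caller from the researcher's own advisory.

```powershell
# Added example. Set-LockedMarkerFile is a hypothetical helper name, and the
# file paths are NOT given on this page: pass the two paths named in the
# researcher's own advisory. Run from an elevated PowerShell session.
function Set-LockedMarkerFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )

    foreach ($p in $Path) {
        if (Test-Path -LiteralPath $p) {
            # Never overwrite or re-permission a file that already has content.
            if ((Get-Item -LiteralPath $p -Force).Length -gt 0) {
                Write-Warning "$p exists and is not empty; leaving it untouched."
                continue
            }
        }
        else {
            New-Item -ItemType File -Path $p | Out-Null
        }

        $acl = Get-Acl -LiteralPath $p
        # Stop inheriting from the parent folder and drop the inherited entries.
        $acl.SetAccessRuleProtection($true, $false)
        # Remove every explicit entry as well, leaving an empty DACL.
        foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
            [void]$acl.RemoveAccessRule($rule)
        }
        Set-Acl -LiteralPath $p -AclObject $acl

        # Report what is left so the result can be checked, not assumed.
        [pscustomobject]@{
            Path          = $p
            RemainingAces = @((Get-Acl -LiteralPath $p).Access).Count
        }
    }
}

# Constructed usage; replace the placeholders with the paths from the advisory.
# Set-LockedMarkerFile -Path '<first file path>', '<second file path>'
```

An empty DACL denies access to every account, but the file's owner can still restore permissions, so expect `RemainingAces` to be 0 and keep patching, backups and antivirus in place alongside it.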
With three dangerous ransomware attacks spreading globally this year, it’s important to keep yourself educated about the latest ways to secure your data. If you need assistance in implementing a data security plan, contact us today.