We Are Under Bad Rabbit Attack


New ransomware scheme is a variant of the infamous NotPetya worm

A new variant of the NotPetya worm, dubbed Bad Rabbit, is wreaking havoc on Windows systems across the globe. The attack initially targeted Russian and Ukrainian corporate networks, but it has now spread further, infecting systems in Turkey, Bulgaria, Japan, Germany, Poland, South Korea, and the United States.

US-CERT, a US agency responsible for mitigating cyber threats, has released an alert. “US-CERT has received multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware – malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cyber security threats, such as ransomware.”

Researchers at Kaspersky Lab said that the ransomware dropper was distributed with the help of drive-by attacks. “While the target is visiting a legitimate website, a malware dropper is being downloaded from the threat actor’s infrastructure. No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer,” said Orkhan Mamedov, Fedor Sinitsyn, and Anton Ivanov of Kaspersky Lab.

Kaspersky Lab suggests disabling WMI on Windows systems to stop Bad Rabbit from digging burrows in your networks.

10/25/2017