Wednesday 1 November 2017, Poradnik bezpieczeństwa

Bad Rabbit – a new dangerous ransomware

Lost24

Bad Rabbit – a new variant of a famous Petya ransomware – was recently spreading across Russia, Ukraine, Germany and Japan servers and computer systems. The attack began on October 24, however, new victims are still being identified.

According to security experts from the ESET company, the highest infection vector for Bad Rabbit was detected in Russia (over 65% of indentified cases), Ukraine (12%), Germany (2.4%), and in Japan (3.8%). ESET emphasizes that all attacks on individuals (over 200 cases) were carried out simultaneously.

Security experts also report that the ransomware used in the attacks (denoted as Win32/Diskcoder.D) was distributed through a fake Adobe Flash update, offered up from compromised websites.

After installation on to the system, the Bad Rabbit encrypts the contents of the infected computer and asks the victims to pay .05 Bitcoin, or roughly 276 USD (about 1000 PLN) in exchange for their data.

As always, the security experts discourage the victims from paying the ransom. For one, there is no guarantee of retrieving the encrypted data back, and most importantly, refusing to pay the ransom discourages future ransomware attacks.

According to the analysis by virus checking site Virus Total, Bad Rabbit is still undetected by the majority of anti-virus programs. Therefore, it is essential to always have a copies of valuable data, stored at an external storage device that is not always connected to the PC.