Emmanuel Marshall 26 October 2017 14:43:18 AEDT 3 MIN READ

Emerging Ransomware Attack – ‘Bad Rabbit’ – Hitting Europe and Turkey

On Tuesday morning (24
th Oct) a new ransomware attack started appearing in Russia and surrounding regions. Dubbed ‘Bad Rabbit’, this malware seems to be targeted at corporate networks and is disguised as a fake Adobe Flash Installer.

Bad Rabbit victims are being lured to a bogus media page, where they are asked to download a fake Flash Installer.
Links to the malicious media pages are being found on legitimate news websites, so it’s easy for potential victims not to notice anything awry until it’s too late.

The Bad Rabbit threat has now been reported in Russia, Ukraine, Germany, Bulgaria and Turkey.



The Ongoing Ransomware Threat


Tech website Gizmodo have pointed to coding and format similarities between Bad Rabbit and the Petya ransomware attacks which caused havoc in 2016.
There are also superficial similarities to NotPetya, which struck earlier this year (although NotPetya seems to have been authored simply to damage victims computers rather than actually collect ransoms).

Once security infrastructure is updated to combat a malware attack, the hackers mutate and evolve the code they use to try and evade detection. While each of these malware attacks - Petya, NotPetya and Bad Rabbit - are unique, there is some evidence that the criminals who create them recycle old code to make each new iteration.

How Can Bad Rabbit be Avoided?


Because this malware is linked from trusted websites, it is very easy for victims to be taken in by the scam.

Once the victim’s system is infected, they are locked out of their computer and get a ransom demand for 0.05 Bitcoin (Approx US$280.00). If the ransom demand is not met within 40 hours the price increases.

If you see any dialogues asking you to download an Adobe Flash Installer, it would be prudent to check the source of the download carefully before following the prompts to make sure it's authentic.


Stay Vigilant About Web Security


- Always hover your mouse over links within emails and check the domain they’re pointing to. If they look suspicious or unfamiliar don’t open them.

- Cybersecurity threats take many different forms from simple spyware downloads to sophisticated ransomware attacks. Your business can be exposed to a wide variety of different vectors: through peripherals; USB devices; networks; attachments; etc. Security best practice recommends a layered defence strategy, incorporating endpoint and antivirus to protect users against web threats and malware. 

- 9 out of 10 cyber-attacks are delivered via email, so it's essential to have the best email filtering in place to protect your systems. For a few dollars per staff member per month, you can have the peace of mind of MailGuard's comprehensive cloud-based email and web filtering. You’ll significantly reduce the risk of zero-day (previously unknown) threats and stop new variants of malicious email from entering your network.

- Keep up to date on the latest scams by subscribing to MailGuard’s weekly update or follow us on social media. If you’re experiencing problems, you can speak to a cloud security specialist on 1300 30 44 30 or email expert@mailguard.com.au.