2017 so far is turning out to be quite a year for the ransomware attacks. Earlier this year, both WannaCry and Petya ransomware were in the news as they hit several companies and institutes across the world. Now another ransomware is creating a nuisance, particularly for Russia last week. This new strain of ‘Bad Rabbit’ bears similarities with the WannaCry and Petya ransomware and has been found spreading in the Ukraine, Russia and around the globe. Using Bad Rabbit, hackers encrypt user’s data on a computer and demand for a ransom starting from 0.05 bitcoin or $280.
Image: Bad Rabbit ransomware (image source)
Russia badly affected by ‘Bad Rabbit’
According to the latest news resources, a number of high profile institutions were hit hard by the Bad Rabbit in Russia and Ukraine. So far three Russian websites, private Russian news agency Interfax, an airport in Ukraine and an underground railway in the capital city, Kiev have been affected by the ransomware. According to the head of Russian cyber-security firm Group-IB, Ilya Sachkov:
«In some of the companies, the work has been completely paralyzed – servers and workstations are encrypted.» (quote source)
This ransomware also targeted top Russian banks but it was not able to penetrate in any of their networks.
Meanwhile, according to the US officials, similar but fewer attacks have been observed in Ukraine, Turkey, and Germany as well. Cybersecurity firm ESET has also identified cases of Bad Rabbit in Japan and Bulgaria. Avast, another security company says the ransomware has been detected in the U.S, South Korea, and Poland as well.
What is known about Bad Rabbit so far?
According to the Russian security firm, ESET, the malware was distributed via a bogus Adobe flash update. Once the update request is accepted, the ransomware locks down the computer screen and demands a ransom. If the ransom is not paid within approximately 40 hours, the cost of decrypting the lost data is increased. Furthermore, according to ESET, once the ransomware infects a machine, it scans the network for shared folders with common names and attempts to steal and exploit user credentials to get on other computers and networks. Although it is still not clear who is behind the attack, the attackers appear to be Game of Thrones fans. The ransomware code contains references to Drogon and Rhaegal dragons that appear in the TV series and books.
Experts and government agencies advise victims not to come under pressure and the let hackers exhort money out of their victims. US agencies have warned that there is no guarantee that users will retain their hacked data after paying ransom.
It serves as a reminder that people should never download anything from the pop-up advertisements or websites that don’t belong to the software company. It is always a wise move to install anti-virus software and keep it updated. Many companies and institutions were saved from the attacks as their anti-virus systems detected Bad Rabbit ransomware on time.
Last line of defense: an updated backup inaccessible to Ransomware
In any case, the best thing companies can do is to have an updated backup totally inaccessible to Ransomware, such as the one automatically provided by SMiD Cloud.
Update: Malware analyst Amit Serper, principal security researcher of Cybereason, has found a “prevention method”. According to the Amit Serper tweet:
Image source: Amit Serper twitter