Bad Rabbit Ransomware Hits Russia and other Countries Globally!
Bad Rabbit ransomware is spreading through Russia and the Ukraine. The new ransomware is believed to be a variant of the Petya ransomware, but that is not confirmed at this time. Russia is the primary country targeted by Bad Rabbit. There are some infections in the Ukraine, Turkey, Germany, Poland, South Korea, and the United States as well. The ransomware targets corporate networks. This ransomware was detected and reported by Kaspersky Lab.
Bad Rabbit blocks access to the infected machine’s files. Kaspersky reports that Bad Rabbit infected machines are sent to a web page that demands a ransom of 0.05 Bitcoins to get regain access. The web page also hosts a countdown timer that gives the user about 41 hours to pay before the ransom increases.
How is Bad Rabbit Distributed?
Bad Rabbit appears to be spread by a spoofed Adobe Flash update and uses EternalBlue. Bad Rabbit also uses the Trojan-like Mimikatz tool.
Who is Affected?
Three Russian media organizations including Russian news agency Interfax report Bad Rabbit infections. In all, about 50 organizations are infected by Bad Rabbit Ransomware. Ukrainian organizations affected by the attack are Odessa International Airport’s information system, the Kiev Metro’s payment system, and Bakhmut which is Ukraine’s municipality website.
How do I Stop Bad Rabbit Ransomware?
Kaspersky Lab, who discovered the spread of the cyber attack, states that device users should block the executable files at c: \ windows \ infpub.dat and C: \ Windows \ cscc.dat. Blocking the execution of these files will not allow Bad Rabbit to install and prevent infection.
To block the execution of these files proactively and protect your device, do the following:
- Create the files c:\windows\infpub.dat && c:\windows\cscc.dat
- Remove ALL PERMISSIONS and you are now vaccinated
