Bad Rabbit ransomware on the prowl

New ransomware scourge picked up in Russia, spreading to Germany

Installing via Adobe Flash Player updates

A new ransomware outbreak has been discovered.

Dubbed Bad Rabbit, it broke out in Russia, but ransomware can spread around the world within hours, so caution is advised.

It has also been detected in Ukraine, Turkey and Germany.

The ransomware is disguised as an Adobe Flash Installer and has been planted on legitimate websites that have been compromised.

If someone tries to update Adobe via the fake installer, the ransomware is effectively let loose and begins encrypting all files on the computer, making them impossible to access.

Victims are then asked to pay a 0.05 Bitcoin (£220) ransom in exchange for having their computers restored.

Adobe Flash Player is a favourite for cyber criminals, who either keep finding security holes in the software or, as in the case of Bad Rabbit, disguise malware as the Flash Player installer.

Recommendations

  • Adobe Flash Player is so full of holes and is exploited so regularly that it is being killed off in 2020; that is, Adobe will stop supporting it.
  • People can protect themselves by disabling Adobe Flash Player on their computers and most certainly ignoring prompts to update Flash Player installers.
  • Browsers today run something called HTML5, which has the ability to display the dynamic content that Flash was originally required to display. We recommend using a browser that supports HTML5 and either the H.264 video codec or the WebM format, such as: Google Chrome / Microsoft Edge / Firefox / Opera / Apple Safari.
  • This means that there will no longer be a need for constantly updating a plugin such as Adobe Flash Player. If you disable it you may find there is some content you can’t access but this is marginal.

Will Bad Rabbit spread?

The $64,000 question is: will Bad Rabbit spread and, if so, how far?
  • If you recall the WannaCry ransomware infection, it spread around the globe within hours, infecting millions of computers.
  • However, within its code it had a worm element, which means it was also designed to burrow into networks and infect other computers once it had installed itself on one machine.
  • Bad Rabbit has a similar feature. Its structure includes a list of simple username and password combinations which it can exploit to move across networks. The list includes the usual suspects for weak passwords such as simple number combinations and 'password'.
  • If you’re running BullGuard security software you are protected. BullGuard recognises the Bad Rabbit code as malicious and automatically blocks it.
  • That said, it doesn’t hurt to be careful in your browsing habits and to treat with a degree of suspicion any Flash Player installer requests to update, or requests to click on links, that come to you unbidden.
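
For network defenders, the weak-password spreading described above shows up as one internal machine failing logons against several others under many different usernames in a short time. The sketch below is an added example, not BullGuard's code or anything taken from Bad Rabbit itself: the simplified log format, the sample records, the usernames and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from a real incident), in an assumed
# simplified format: time, source host, target host, username, result.
SAMPLE_EVENTS = """\
2024-01-01T10:00:01 10.0.0.23 10.0.0.5 administrator FAIL
2024-01-01T10:00:02 10.0.0.23 10.0.0.5 admin FAIL
2024-01-01T10:00:03 10.0.0.23 10.0.0.6 guest FAIL
2024-01-01T10:00:04 10.0.0.23 10.0.0.6 user FAIL
2024-01-01T10:00:05 10.0.0.23 10.0.0.7 test FAIL
2024-01-01T10:00:06 10.0.0.23 10.0.0.7 admin OK
2024-01-01T10:03:00 10.0.0.41 10.0.0.5 alice FAIL
2024-01-01T10:03:20 10.0.0.41 10.0.0.5 alice OK
"""

def parse(text):
    """Yield (timestamp, source, target, user, result) per log line."""
    for line in text.splitlines():
        ts, src, dst, user, result = line.split()
        yield datetime.fromisoformat(ts), src, dst, user, result

def find_credential_guessing(events, window=timedelta(minutes=5),
                             min_users=4, min_targets=2):
    """Flag sources whose failed logons inside `window` cover many
    distinct usernames AND several targets (thresholds are assumptions)."""
    fails = defaultdict(list)
    for ts, src, dst, user, result in events:
        if result == "FAIL":
            fails[src].append((ts, dst, user))
    alerts = {}
    for src, rows in fails.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it fits in `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            users = {u for _, _, u in rows[start:end + 1]}
            targets = {d for _, d, _ in rows[start:end + 1]}
            if len(users) >= min_users and len(targets) >= min_targets:
                alerts[src] = {"users": sorted(users), "targets": sorted(targets)}
    return alerts

if __name__ == "__main__":
    for src, detail in find_credential_guessing(parse(SAMPLE_EVENTS)).items():
        print(src, detail)
```

A single user mistyping a password (10.0.0.41 in the sample) stays below both thresholds, while the machine cycling through usernames across three hosts is flagged.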

Who is Bad Rabbit targeting?

The early evidence suggests it is aimed at corporate networks.

For instance, media outlets Interfax and Fontanka in Russia have both been hit, as well as Odessa Airport and the Kiev Metro in Ukraine.

At the time of writing it hasn’t been detected further afield beyond some outbreaks in Germany.

Written by Steve Bell

Steve has a background in IT and business journalism and has written extensively for both the UK national and trade press, including The Guardian, Independent-on-Sunday, The Times, The Register, MicroScope and Computer Weekly. He's also worked for most of the world's largest IT companies producing content. He has a particular focus on IT security and has produced several magazines in this area.
