New ransomware scourge picked up in Russia, spreading to Germany
Installing via Adobe Flash Player updates
A new ransomware outbreak has been discovered.
Dubbed Bad Rabbit, it broke out in Russia, but ransomware can spread around the world within hours, so caution is advised.
It has also been detected in Ukraine, Turkey and Germany.
The ransomware is disguised as an Adobe Flash Installer and has been planted on legitimate websites that have been compromised.
If someone tries to update Flash Player via the fake installer, the ransomware is effectively let loose and begins encrypting all files on the computer, making them impossible to access.
Victims are then asked to pay a ransom of 0.05 Bitcoin (£220) in exchange for having their computers restored.
Adobe Flash Player is a favourite for cyber criminals, who either keep finding security holes in the software or, as in the case of Bad Rabbit, disguise malware as the Flash Player installer.
- Adobe Flash Player is so full of holes and is exploited so regularly that it is being killed off in 2020; that is, Adobe will stop supporting it.
- People can protect themselves by disabling Adobe Flash Player on their computers and, most certainly, by ignoring prompts to update Flash Player.
- Browsers today run something called HTML5, which can display the dynamic content that Flash was originally required to display. We recommend using a browser that supports HTML5 and either the H.264 video codec or the WebM format, such as: Google Chrome / Microsoft Edge / Firefox / Opera / Apple Safari.
- This means that there will no longer be a need to constantly update a plugin such as Adobe Flash Player. If you disable it, you may find there is some content you can’t access, but this is marginal.
Will Bad Rabbit spread?
The $64,000 question is: will Bad Rabbit spread and, if so, how far?
- If you recall the WannaCry ransomware infection, it spread around the globe within hours, infecting millions of computers.
- However, within its code it had a worm element, which means it was also designed to burrow into networks and infect other computers once it had installed itself on one machine.
- Bad Rabbit has a similar feature. Its structure includes a list of simple username and password combinations which it can exploit to move across networks. The list includes the usual suspects for weak passwords such as simple number combinations and 'password'.
- If you’re running BullGuard security software you are protected. BullGuard recognises the Bad Rabbit code as malicious and automatically blocks it.
- That said, it doesn’t hurt to be careful in your browsing habits and to treat with a degree of suspicion any requests that come to you unbidden to update Flash Player or to click on links.
Who is Bad Rabbit targeting?
The early evidence suggests it is aimed at corporate networks.
For instance, media outlets Interfax and Fontanka in Russia have both been hit, as well as Odessa Airport and the Kiev Metro in Ukraine.
At the time of writing, it hasn’t been detected further afield, beyond some outbreaks in Germany.