Two large-scale ransomware attacks have wreaked havoc across the globe this year - WannaCry and ExPetr (also known as Petya and NotPetya). Now there’s a third, seemingly less lethal, dubbed Bad Rabbit.
Malware is malicious software intended to damage or disable computers and computer systems. Ransomware is a type of malware. Ransomware infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.
Bad Rabbit was first discovered on Oct. 24, 2017 in Russia and the Ukraine.
The United States Computer Emergency Readiness Team (US-CERT) has received multiple reports of Bad Rabbit infections in many countries around the world. Bad Rabbit doesn’t seem to be as bad as WannaCry and ExPetr, which indiscriminately infected targets. It seems like Bad Rabbit specifically attacks corporate networks.
Bad Rabbit tricks computer users into infecting themselves. The malware masquerades as an Adobe Flash installer that launches from legitimate websites that have been compromised.
According to Kaspersky Lab, all of these are news or media sites.
Unsuspecting users download and install the malicious software, which encrypts all of their files, making them impossible to access. The downloaded file named install_flash_player.exe needs to be manually launched by the victim.
US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored.
No AM Data Service clients have been hit with Bad Rabbit. Our clients are protected from this ramsomware because we have taken proactive measures to prevent its proliferation. If you are a client and you have technical questions about how we protect your machines from ransomware, please contact us at (734) 744-5300.
Previous blog post: How to prevent ransomware attacks