Infinity Group - Bad Rabbit Ransomware

Bad Rabbit the latest Ransomware to hit Europe

Bad Rabbit the latest Ransomware to hit Europe2017-11-30T11:31:10+00:00

Written by Rob Young, Director – 16th November 2017

It’s been just four months since the outbreak of the Petya Malware that infected thousands of computers on an international scale. In the second quarter of 2017 alone 342,566,061 malicious attacks were detected (Source: KSN Data). In response to this sudden rise in cyber attacks, the BBC have reported that the UK Government will be investing £1.9bn over the next five years to tackle and prevent cyber crime.

New regulations are being enforced in 2018 such as the GDPR and MiFID II compliance, in an aim to ensure businesses implement enhanced cyber security measures.

What is Bad Rabbit malware?

On 24 October 2017 a new strain of Malware named Bad Rabbit first emerged in Russia and the Ukraine and has now infected computers in numerous countries including Europe and is predicted to reach the UK shortly.

In this blog, we’re going to explore what Bad Rabbit is, who has been affected so far, how it infects user’s computers and what you can do to prevent being attacked by Bad Rabbit or similar strains of Malware.

Who is being targeted by Bad Rabbit?

The majority of attacks have been reported in Russia, Ukraine, Turkey, Germany, USA and Japan and it’s now entering Europe. Russian news services, Interfact and Fontanka were the first to be attacked, followed by the Ukraine Ministry of Infrastructure and the public transport system in Kiev. Reports to date, suggest it’s predominantly targeting media and news organisations.

How do you get Bad Rabbit Malware?

It has been reported that Bad Rabbit Ransomware behaves in a similar way to the Petya  and WannaCry ransomware and the extent of the infection is also very alike.

Bad Rabbit ransomware infects machines and networks using a method called ‘drive-by-attacks’, meaning insecure websites are compromised and then wait for a user to visit what they believe to be a secure legitimate website.

Once a user visits this compromised website, a dialogue box will pop up asking the user to download a ‘Adobe Flash Update.’ To avoid alarm, the file name appears as ‘install_flash_player.exe’ which to many looks extremely genuine and considering there has been numerous Adobe flash player updates; it’s believable.

For the Bad Rabbit Malware to be able to function correctly and fully, it needs the user to accept administrative privileges. It attempts to obtain this by using the standard user account control prompt (UAC) – an example of this is below.

Infinity Group - UAC Account

Once the user clicks on ‘Yes’, the Bad Rabbit infects the entire computer and encrypts all the files on it. Just like Petya, it can schedule an automatic reboot of the system, which shuts down the computer and when it reboots the entire machine is encrypted.

What does Bad Rabbit look like?

The below image will be displayed asking for money to be paid for the files to be decrypted, and you may also notice Bad Rabbit’s malware code is scattered with references from Games of Thrones. It’s not yet known why this is.

If you are a victim of Bad Rabbit, we do not recommend you paying the ransom as there is no guarantee your files will be decrypted.  Instead, please get in touch as we may be able to wipe the machine.

Infinity Group - Bad Rabbit Ransomware

Who’s at immediate risk of Bad Rabbit?

Businesses who run on Windows XP, Windows Vista, Windows 7 and Windows Server 2003 and 2008 are extremely vulnerable to Bad Rabbit and other cyber security threats. As it has been confirmed by both Microsoft and F-Secure that ‘Bad Rabbit’ uses the EternalRomance exploit as an infection vector that enables it to spread throughout business networks. The EternalRomance exploit is much like the EternalBlue exploit we saw used in the WannaCry attack that brought the NHS to a standstill back in May.

In September 2017, it was reported by the BBC that the Manchester police force still run on Windows XP, leaving them vulnerable to attacks such as Petya, WannaCry and Bad Rabbit. Any users of the above operating systems should consider upgrading to Windows 10 as soon as possible.

Infinity Group - Bad Rabbit Malware Attack

How can I protect my business from Bad Rabbit?

Update – Making sure your business is running on the latest operating system such as  Windows 10 and ensure automatic updates are turned on for every user as these can include security patches.

Audit – What are they cyber security risks in your business? The Government backed Cyber Essentials certifications help design the framework for a solid cyber security strategy. We perform cyber security audits specifically aligned to the Cyber Essentials certification to highlight the risks and recommend immediate cyber security improvements.

Educate – Ensuring your employees are aware of how the recent forms of Malware are delivered is paramount. Make sure staff understand how to identify a possible threat and design a procedure to implement for when a possible threat is detected.

Patch Regularly – This will ensure all computer and servers are protected.

Install – Industry standard Malware protection such as Sophos Intercept X or WatchGuard firewalls across the network which both detect and protect against Bad Rabbit and other types of malware.

Prepare – Implement a backup and disaster recovery plan to safeguard your business data in the event of an attack. This also assists with GDPR compliance.

Infinity Group are IT security specialists and supply a wide range of products and solutions to help keep your business secure. If you’re interested in discussing your IT Security setup please get in contact.

If you have found this blog useful you may want to read our blog ‘The framework and components of a Cyber Security strategy’ And also the  ‘Different types of malware.’ 

Share

You might also like...