Cybersecurity experts have said that the ransomware -- which posed as an Adobe update before locking down computers and demanding money for people to get their files back -- targeted Russian media companies and Ukrainian transportation systems. It has also been detected in other countries including the U.S., Germany and Japan.
Bad Rabbit appears to be one of the biggest since the Petya cyberattack that caused chaos worldwide in June. NotPetya, along with Wannacry, caused widespread disruption affecting businesses, government institutions and hospitals.
Unlike other recent malware epidemics which spread through more passive means, Bad Rabbit requires a potential victim to download and execute a bogus Adobe Flash installer file, thereby infecting themselves. While a user is visiting a legitimate but compromised website, a malware dropper is downloaded and disguised as an Adobe Flash installer. One of the distribution method of Bad Rabbit is via drive-by download. Some popular websites are compromised and have JavaScript injected in their HTML body or in one of their .js file.
The downloaded file is named “install_flash_player.exe” and needs to be manually launched by the victim.
Reports suggest that unlike Petya, Bad Rabbit is not a wiper. That said, giving in to a ransom only encourages the proliferation of this kind of cybercrime – so don’t pay.
What is Bad Rabbit‘s lesson? The truth is you don’t have to be fooled again by ransomware attacks. The culmination of :
Are you an IT professional that wants to ensure sensitive data and devices are protected? Talk to a specialist or email us at info@titanhq.com with any questions.
