The latest strain of ransomware, “Bad Rabbit”, began spreading across Russia and Ukraine yesterday. There have also been various reports of “Bad Rabbit” infections in Turkey, Bulgaria, Japan, Germany, Poland, South Korea and the United States.
The Bad Rabbit ransomware enters networks when a user on your network runs a phony Adobe Flash Player installer posted on a hacked website. Once Bad Rabbit has infected its first machine within a network, it uses an open-source tool to find any login credentials stored on that machine so that it can spread to other machines.
After it has spread as far as it can on the network, Bad Rabbit encrypts all files and posts a ransom note instructing the victim to pay 0.05 Bitcoin (about €235/$280/£213) to a specific Bitcoin wallet to decrypt the files.
Here is our advice on how to avoid becoming the next victim:
Disable Adobe Flash Player and ignore installer prompts.
Send a broadcast email to all your users to advise the same.
Although not in this case, email tends to be one of the main infection methods, so be wary of unexpected emails, especially if they contain links and/or attachments.
Back up any important data. This reduces the leverage the hackers gain over their victim by encrypting valuable files and making them inaccessible.