A new, widespread ransomware attack dubbed Bad Rabbit is spreading rapidly and has already affected more than 200 major organizations, primarily in Russia, Ukraine, Turkey, and Germany, in the past few hours.
Reported as a new Petya-style attack targeting corporate networks, Bad Rabbit demands 0.05 Bitcoin (roughly $285) in ransom from victims to unlock their systems.
According to an initial analysis by Kaspersky, the ransomware is distributed by drive-by download: compromised websites serve a fake Adobe Flash Player installer to lure visitors into running the malware themselves.
“No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. We have detected a number of compromised websites, all of which were news or media websites,” Kaspersky Lab said.
Meanwhile, ESET security researchers detect the Bad Rabbit malware as ‘Win32/Diskcoder.D’, a new variant of the Petya ransomware, also known as Petrwrap, NotPetya, exPetr, and GoldenEye.
Bad Rabbit uses DiskCryptor, a full-featured open-source disk encryption tool, to encrypt the files on infected computers, with RSA-2048 keys.
ESET believes that this new wave of ransomware attacks does not use the EternalBlue exploit, the leaked SMB vulnerability that WannaCry and Petya used to spread across networks.
Instead, the malware first scans the internal network for open SMB shares, tries a hardcoded list of commonly used credentials to drop itself onto other machines, and also uses the post-exploitation tool Mimikatz to extract credentials from the systems it has already compromised.
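The lateral-movement behaviour just described (many network logon failures from one source against SMB shares, followed by a success once a guessed credential works, and a process reading LSASS memory the way Mimikatz does) leaves a recognisable trail in Windows Security and Sysmon logs. The following detection logic is an added example written for this article; it is not code from the original page, from Kaspersky or from ESET. The simplified `key=value` log export format, the host names, IP addresses, image paths and the alert threshold are all assumptions for illustration, and the sample events are constructed, not captured from a real incident.

```python
"""Detect SMB credential guessing and LSASS access in constructed Windows event logs.

Added example: the log format, names, and threshold are assumptions, and the sample
events below are constructed for illustration (not real captured data).
"""
import re
from collections import defaultdict

# Constructed sample events (assumed "key=value" export of Security events 4624/4625
# and Sysmon event 10). LogonType=3 is a network logon, which is what SMB share
# access produces; Sysmon 10 records one process opening a handle to another.
SAMPLE_EVENTS = r"""
EventID=4625 Host=FILESRV01 LogonType=3 User=Administrator SrcIP=10.0.0.23 Status=0xC000006D
EventID=4625 Host=FILESRV01 LogonType=3 User=admin SrcIP=10.0.0.23 Status=0xC000006D
EventID=4625 Host=FILESRV01 LogonType=3 User=root SrcIP=10.0.0.23 Status=0xC000006D
EventID=4625 Host=FILESRV01 LogonType=3 User=user SrcIP=10.0.0.23 Status=0xC000006D
EventID=4625 Host=FILESRV01 LogonType=3 User=guest SrcIP=10.0.0.23 Status=0xC000006D
EventID=4624 Host=FILESRV01 LogonType=3 User=backup SrcIP=10.0.0.23 Status=0x0
EventID=4625 Host=WS042 LogonType=3 User=Administrator SrcIP=10.0.0.23 Status=0xC000006D
EventID=4624 Host=WS042 LogonType=3 User=backup SrcIP=10.0.0.23 Status=0x0
EventID=4624 Host=FILESRV01 LogonType=3 User=alice SrcIP=10.0.0.77 Status=0x0
EventID=4625 Host=FILESRV01 LogonType=2 User=bob SrcIP=10.0.0.78 Status=0xC000006A
EventID=10 Host=WS042 SourceImage=C:\Users\Public\tool.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010
EventID=10 Host=WS042 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000
"""

# PROCESS_VM_READ: the access right a credential dumper needs to read LSASS memory.
PROCESS_VM_READ = 0x0010


def parse_events(text):
    """Turn each non-empty 'key=value ...' line into a dict of its fields."""
    events = []
    for line in text.strip().splitlines():
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if fields:
            events.append(fields)
    return events


def detect_credential_guessing(events, min_distinct_users=4):
    """Flag a source IP that fails network logons with many different usernames.

    Returns one alert per suspicious source, listing the hosts it touched and any
    network logons from it that succeeded (a guessed credential that worked).
    """
    per_src = defaultdict(lambda: {"failed_users": set(), "hosts": set(), "ok": set()})
    for e in events:
        if e.get("EventID") not in ("4624", "4625") or e.get("LogonType") != "3":
            continue  # only network logons (SMB share access) are of interest
        s = per_src[e["SrcIP"]]
        s["hosts"].add(e["Host"])
        if e["EventID"] == "4625":
            s["failed_users"].add(e["User"])
        else:
            s["ok"].add((e["Host"], e["User"]))
    alerts = []
    for src, s in sorted(per_src.items()):
        if len(s["failed_users"]) >= min_distinct_users:
            alerts.append({
                "src": src,
                "distinct_failed_users": len(s["failed_users"]),
                "hosts": sorted(s["hosts"]),
                "successful_logons": sorted(s["ok"]),
            })
    return alerts


def detect_lsass_access(events):
    """Flag Sysmon 10 events where a process opens lsass.exe with read access."""
    hits = []
    for e in events:
        if e.get("EventID") != "10":
            continue
        if not e.get("TargetImage", "").lower().endswith("\\lsass.exe"):
            continue
        granted = int(e.get("GrantedAccess", "0x0"), 16)
        if granted & PROCESS_VM_READ:
            hits.append({"host": e["Host"], "source": e["SourceImage"], "granted": hex(granted)})
    return hits


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for a in detect_credential_guessing(evts):
        print("credential guessing from", a["src"], "->", a["hosts"],
              "successes:", a["successful_logons"])
    for h in detect_lsass_access(evts):
        print("LSASS read access on", h["host"], "by", h["source"], h["granted"])
```

Only network logons (type 3) are counted, so a user mistyping a password at the console (type 2) does not trigger the alert, and the benign `svchost.exe` handle to LSASS is ignored because its access mask lacks `PROCESS_VM_READ`. In production the threshold and the time window over which failures are counted would need tuning to the environment.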
The ransom note, above, directs victims to a Tor .onion website for payment and shows a 40-hour countdown, after which the price for decryption goes up.
The affected organizations include the Russian news agencies Interfax and Fontanka, the payment systems of the Kiev metro, Odessa International Airport, and the Ministry of Infrastructure of Ukraine.
Researchers are still analyzing Bad Rabbit to determine whether infected computers can be decrypted without paying the ransom, and how to stop it from spreading further.
How to protect against ransomware attacks?
Kaspersky suggests disabling the WMI service to prevent the malware from spreading across your network. Note that many administration and monitoring tools depend on WMI, so test the impact on a few machines before disabling it fleet-wide.
Most ransomware spreads via phishing emails, malicious websites, and malicious advertisements served alongside third-party software.
Therefore, you should always be wary of opening unsolicited documents sent by e-mail, and of clicking links inside them, unless you have verified the source; this is the single most effective protection against this kind of infection.
Also, never download applications from third-party sources, and read the reviews even before installing applications from official stores.
To keep tight control of your valuable data, maintain a good backup routine that copies your files to an external storage device that is not permanently connected to your PC.
Make sure to run a good, effective security and antivirus suite on your system, and keep it up to date.