What is Bad Rabbit?
Bad Rabbit is a suspected variant of the Petya ransomware. It infects computers and restricts user access to the infected systems until a ransom is paid to decrypt them. Having antivirus software in place is important for dealing with this threat.
How does Bad Rabbit work and spread?
BadRabbit is distributed through drive-by downloads on infected websites. In most BadRabbit infections, visitors are tricked into clicking the malware by a misleading warning that Adobe Flash Player requires a major update.
To obtain login credentials, including common hard-coded ones such as admin, guest, user and root, BadRabbit uses Mimikatz (a post-exploitation tool). In some cases BadRabbit uses DiskCryptor, a legitimate tool, to encrypt the victim's data.
Once BadRabbit has infected the computer and encrypted the data, the victim's computer reboots into the ransomware and, after the reboot, shows a message entitled "Oops! Your files have been encrypted."
When Bad Rabbit was first found in the wild, it was aimed mainly at Russian users. Other countries, such as Ukraine, Turkey and Germany, reported related attacks.
How to protect against Bad Rabbit ransomware?
People who become victims of Bad Rabbit or any other ransomware should not pay the ransom, as paying only promotes the growth of ransomware. Here are some good safety practices that may prevent a ransomware infection.
- Keep your operating system up to date and patched, and install top-notch antivirus software that detects malicious programs.
- Back up your files regularly and automatically.
- Do not install software or grant it administrative privileges unless you understand what it does.
- Keep your systems updated and patched. Cyber criminals often use known exploits, but vendors regularly release patches that can protect users from many attacks.
- Back up files regularly. Ransomware distributors take advantage of file encryption and the threat of data loss. The cyber criminal loses this leverage if you have backups of the affected files.
- Train end users and companies in best practices against ransomware.
- Use multi-layered security solutions that protect the entry points attackers use to infect most users: websites and e-mails.
How does it spread?
- It uses a dictionary attack to collect credentials from infected computers and tries to access and spread to other computers on the same network.
- Bad Rabbit also tries to brute-force any administrative shares it finds; if successful, it drops a copy of itself into those shares.
- If such attacks fail, it uses the EternalRomance SMB exploit, which targets the MS17-010 vulnerability. These vulnerabilities were fixed in March of this year.
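One way to spot the dictionary and share brute-force behaviour described above in logon telemetry, as an added example that is not part of the original article. The CSV layout, the sample lines, the function name and the thresholds are assumptions; 4625 and 4624 are the Windows Security event IDs for failed and successful logons, and logon type 3 is a network logon.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (assumed export format):
# time, event ID, logon type, source IP, target host, account
SAMPLE_LOG = """\
2024-01-15T10:00:01,4625,3,10.0.0.23,FILESRV01,admin
2024-01-15T10:00:02,4625,3,10.0.0.23,FILESRV01,guest
2024-01-15T10:00:03,4625,3,10.0.0.23,FILESRV01,user
2024-01-15T10:00:04,4625,3,10.0.0.23,HRPC07,root
2024-01-15T10:00:05,4625,3,10.0.0.23,HRPC07,administrator
2024-01-15T10:00:06,4624,3,10.0.0.23,HRPC07,administrator
2024-01-15T10:05:00,4625,3,10.0.0.41,FILESRV01,alice
2024-01-15T10:45:00,4625,3,10.0.0.41,FILESRV01,alice
2024-01-15T11:00:00,4625,2,10.0.0.50,HRPC07,admin
"""

def find_dictionary_sources(log_text, window=timedelta(seconds=60), min_accounts=4):
    """Flag sources that fail network logons for many distinct accounts in one window."""
    failures = defaultdict(list)   # source -> [(time, account, host)]
    successes = defaultdict(list)  # source -> [time]
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 6 or row[2] != "3":   # keep network logons (share access) only
            continue
        ts, event_id, _, src, host, account = row
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            failures[src].append((when, account.lower(), host))
        elif event_id == "4624":
            successes[src].append(when)
    findings = {}
    for src, events in failures.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            accounts = sorted({e[1] for e in burst})
            if len(accounts) >= min_accounts:
                end = burst[-1][0]
                findings[src] = {
                    "accounts": accounts,
                    "hosts": sorted({e[2] for e in burst}),
                    # A success during or just after the burst suggests a guess worked.
                    "succeeded": any(start <= t <= end + window for t in successes[src]),
                }
                break
    return findings
```

A single user mistyping a password repeatedly (10.0.0.41 in the sample) stays below the distinct-account threshold, while the host cycling through common account names across two machines is reported together with the follow-on successful logon.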