Bad Rabbit Ransomware on the Prowl


CERT-In (the Indian Computer Emergency Response Team) has rated the Bad Rabbit ransomware as moderately severe. The malware spread in Japan, Turkey, Bulgaria and Ukraine; however, many of those targeted were in Russia. To infect a system it poses as an Adobe Flash downloader, after which it spreads across the network via Server Message Block (SMB) on open servers, planting malicious code by accessing and using the victim's credentials.


Users hit by Bad Rabbit may be able to recover the data folders that the ransomware locks, owing to errors made by the malware's creator. The flaws were disclosed on October 27 in an update to the Bad Rabbit report by the Russian anti-virus company Kaspersky Labs. The company's researchers state that they found 2 errors in Bad Rabbit's modus operandi, Bleepingcomputer.com reported on October 27, 2017.

 

In the opinion of Kaspersky Labs, the latest ransomware is derived from Petya, since its code resembles Petya's. Whereas another ransomware, Locky, uses spam e-mail to spread across computers, Bad Rabbit's infection method is different. It relies on insecure websites, onto whose pages certain harmful PHP code is installed. People visiting those pages are directed to install a Flash player that in reality conceals a malware resource on the Web. Once installed, the malware attempts to acquire elevated administrative rights and then adds a disk-encryption module that stops the infected computer from booting normally. Thus when owners start up a contaminated system, they are diverted to a modified bootloader.

 

Infections in Russia accounted for 65% of the machines, while outside Russia the malware infected just 2.4%. Bad Rabbit contaminated devices via several compromised Russian media sites, after which a message would pop up asking victims to pay to regain access to their files.

 

To stay protected, the fundamentals are running anti-virus software, thinking twice about unexpected e-mail attachments, keeping operating systems and application software up to date, and maintaining regular backups of files. Notably, the NoMoreRansom.org website provides tools for decrypting files encrypted with ransomware.

» SPAMfighter News - 03-11-2017