Most of you probably already know just how nasty and problematic Ransomware viruses are. Viruses of this type are very stealthy and are able to lock your personal documents or maybe even your whole PC in a matter of minutes. However, not all instances of Ransomware manage to infect large numbers of computers.
Unfortunately, as of yesterday, a new Ransomware version called Bad Rabbit was reported and throughout the past 24 hours it seems to have spread to many computers, mostly in Eastern Europe – countries like Russia, Ukraine, Turkey and Bulgaria got hit the hardest by this new virus. Apart from attacks on regular users, Bad Rabbit has managed to infiltrate the networks of a number of companies and organizations as well. Some examples are the Odessa airport and Kiev’s subway system (Ukraine) as well as the Ukrainian Ministry of Infrastructure. Other notable victims of the Ransomware are a number of Russian news agencies.
There have already been two other Ransomware outbreaks of similar scale this year – the WannaCry (May) and the NotPetya (June) outbreaks. At the current moment, more and more users are getting infected by this noxious piece of malware.
How it’s getting distributed
According to the security researchers at ESET and Proofpoint, the Ransomware’s primary method of distribution is through fake Flash updates – apparently, a number of legitimate websites have been hacked and are currently redirecting their visitors to the virus-distributing “updates”. However, it has been pointed out that Bad Rabbit also has a secondary method of distribution that allows it to spread to other computers that are connected to the same network as an initially infected PC. This is likely what has allowed this particular Ransomware to spread across a large number of systems within a rather short time period.
In order to avoid any potential infections by this noxious program, we advise our readers to keep an eye out for any suspicious and questionable update requests when browsing the Internet. The researchers at Kaspersky have reported that the sites used to trigger the redirects to the fake update requests are primarily news websites, so bear that in mind.
How does Bad Rabbit operate?
This new piece of malware seems to have a lot of work put into it – it combines two forms of Ransomware function. First, the virus encrypts the personal user files on the PC. Then it modifies the MBR (Master Boot Record) so that the next time the PC restarts, it won’t be able to boot into Windows and will instead load a lockscreen with a ransom note on it. The lockscreen cannot be bypassed, meaning that the user won’t be able to load Windows on their PC.
The MBR modification and the lockscreen ransom note are similar to the way infamous Ransomware viruses like Petya and NotPetya are known to operate. Once displayed on the victim’s screen, the ransom note states that a payment of 0.05 Bitcoin (≈ 280 USD) is demanded from the user if they wish to receive a code that will allow them to gain access to their PC and files. There is also a timer counting down 40 hours – unless the money is paid before the time runs out, the demanded ransom sum goes up.
As we stated above, in addition to the lockdown screen displayed once the PC boots up, Bad Rabbit also encrypts the user files that are stored on the PC’s hard drive, making them inaccessible. Even if one somehow manages to bypass the lockscreen, they would still have to figure out a way to unseal the locked-up data. One thing to note about the encryption process carried out by Bad Rabbit is that it doesn’t change the extension of the targeted files after it has finished locking them up.
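Because the file extensions stay the same, a check that only watches for renamed files will not notice the damage. The Python sketch below is an added example, not code from the researchers or from the malware: it flags files whose leading bytes no longer match the format their extension promises and instead look random. The `MAGIC` table, the entropy threshold and the function names are illustrative choices, and it assumes the encryption overwrites the start of the file.

```python
import math
import os
from collections import Counter

# Leading "magic" bytes expected for some common file types (illustrative, not exhaustive).
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".zip": [b"PK\x03\x04"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values close to 8.0 look like random (encrypted) data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_encrypted(name: str, head: bytes, threshold: float = 7.0) -> bool:
    """True when a known extension no longer matches its magic bytes
    and the leading bytes are high-entropy (threshold is an assumption)."""
    ext = os.path.splitext(name)[1].lower()
    magics = MAGIC.get(ext)
    if magics is None:            # unknown type: no baseline to compare against
        return False
    if any(head.startswith(m) for m in magics):
        return False              # header still intact
    return shannon_entropy(head) >= threshold

def scan(root: str, sample: int = 4096):
    """Yield paths under root whose header contradicts their extension."""
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue          # locked or unreadable file: skip it
            if looks_encrypted(fn, head):
                yield path
```

Run `scan()` against a restored backup or a file share to list documents that need to be recovered even though their names look untouched.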
The Ransomware forces a PC restart
In order to ensure that it has completed its job, this malware has two additional scheduled tasks after the MBR modification and the data encryption have been finished. Once everything’s been set up, Bad Rabbit would automatically force a restart on your PC so that once it starts to boot, it would get locked by the ransom note and the user would be unable to use their computer.
Bad Rabbit is a brand new piece of Ransomware and a lot about its characteristics is yet to be revealed by researchers. Currently, there is no effective method for handling this noxious virus, which is why it is essential that users keep their PCs away from anything that might expose them to this Ransomware. As we already mentioned, the malware tends to be distributed through fake Flash updates that get displayed within hacked news sites. Keep an eye out for anything that looks suspicious while browsing the Internet and make sure to avoid any content that could be a potential security risk.