How ransomware bad rabbit spread

By lensesview |
Bad Rabbit Malware
Views: 156
Read Time:2 Minute, 42 Seconds

After locking down the computers the cyber criminals behind Bad Rabbit are demanding 0.05 Bitcoin ($285 =2,835.58ZK) from victims. Bad Rabbit is a new strain of ransomware spreading and infecting computers.

 

What you need to know about Bad Rabbit

  • Ransomware attacks are not subtle. You will receive a notification immediately
  • It spreads via a fake Flash update on compromised websites
  • Bad Rabbit can spread laterally across networks
  • The Malware may not be indiscriminate
  • It isn’t clear who is behind it
  • It contains Game of Thrones references in its coding -Viserion, Drogon, and Rhaegal concluding some GOT nerd is behind it

 

You can protect yourself against becoming infected by it

Its unlikely that Zambia will be hit by Bad Rabbit but for those who want to be sure they don’t potentially fall victim to the attack, Kaspersky Lab says users can block the execution of file ‘c: \ windows \ infpub.dat, C: \ Windows \ cscc.dat.’ in order to prevent infection.

 

Be alert to security trends

Looking at the Bitcoin reaching all highs and the sophistication cybercriminals are investing into the malware there is need to stay alert. The Bitcoin, cybercriminals favorite currency, is now trading at $5,770 USD. That is a whooping 57,266.88 Zambian Kwacha for each computer locked.

 

According to Kaspersky who are trucking the ransomware the most affected computers are located in Russia. And the attack seems targeted with some rumors mentioning Korea to be involved.

 

‘Based on our investigation, this is a targeted attack against corporate networks’

 

How bad rabbit is spread

  • It spreads via a fake Flash update on compromised websites

Breaking news is that Bad Rabbit ransomware is spread through Social Engineering. Also the new strain is reported to be similar to WannaCry and Petya ransomware that caused havoc earlier this year.

According to knowbe4 the outbreak appears to have started via files on hacked Russian media websites.  They used the popular social engineering trick of pretending to be an Adobe Flash installer.

Interfax and Fontanka the media organisations’ servers were hit hard and Interfax had to resort to Facebook to deliver its news.

 

Bad Rabbit hit Interfax Media

 

Bad Rabbit uses Mimikatz to extract credentials from the local computer’s memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.

 

Mimikatz is a great post-exploitation tool written by Benjamin Delpy (gentilkiwi). It extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. 

And the hardcoded creds are hidden inside the code that include predictable usernames such as rootguest and administrator, and passwords straight out of a password list.

 

Improved version of Bad Rabbit

Bad Rabbit attack is not as bad as the initial Bad Rabbit because it appears the encrypted files are recoverable. The initial attack left files unrecoverable even after receiving the restoration key.

This means the bad guys worked on the file encryption process. It also means you have to buy two keys. The first key is to de-encrypt the boot loader and the second is to release the encrypted files on the local machine.

 

 

Share2
Tweet
Pin
2 Shares

More Posts That May Interest You:

What is Bitcoin? Will it be a currency of the futureWhat is Bitcoin how does it Work a-z of cryptocurrencyA-Z of Cryptocurrency 101 Glossary Threat posed by malwareHow to protect yourself from WannaCrypto Whats Bitcoin currency?What is Bitcoin where is it found, has bitcoin got a future What is Bitcoin? CryptocurrencyBitcoin price hits all time high value Adobe Flash player end of life was marked on 31st December 2020Adobe Flash Player End of Life Here is a long List Of CryptoCurrenciesA List Of CryptoCurrencies So Far I know Of Microsoft says please update your windows patch right nowHackers turned on my camera and recorded me Samsung One UI 3 changesOne UI 3 Upgrade Android 11 Full Changes Buying Bitcoin in ZambiaHow to buy bitcoin in Zambia Default Thumbnail5 Tips about vpn You Can Use Today Adobe Flash player end of life was marked on 31st December 2020How to reach deliberant APC devices from January 2021 Litecoin drops while Bitcoin continue to escalatesLitecoin drops to $55.20 while bitcoin escalates to $6372 all time value Computer system securitySecurity Top News From Last Week – Teenager Hacks Apple Servers What is Bitcoin? CryptocurrencyBitcoin trading now available in Zambia Secure network devices for a well guarded infrastructureSafeguard Network Infrastructure Devices and Security 2019 GoldBrute Distribution In Zambia 12019 GoldBrute Distribution In Zambia How To Buy Bitcoin From Credit Card In Zambia and other cryptocurrenciesHow To Buy Bitcoin From Credit Card In Zambia Clear browser cacheHow to clear browser cache in Internet Explorer, Edge, Firefox, Safari, and Chrome Meltdown and Spectre malware caused havoc among many usersProtect your machine from Meltdown and Spectre
Posted in Security and tagged , , , , ,

This site uses Akismet to reduce spam. Learn how your comment data is processed.