Bad Rabbit, a new strain of ransomware similar to NotPetya — which crippled companies across the world in June this year — is hitting organisations in Russia and Ukraine. It is also showing signs of spreading to other countries.
So far, the victims have included airports, train stations and at least one news agency in Russia.
Bill Brenner from Sophos believes the Bad Rabbit outbreak started with hacked Russian media websites serving the malware disguised as an Adobe Flash installer.
“If Bad Rabbit infects your computer, it attempts to spread across the network using a list of usernames and passwords buried inside the malware,” Brenner writes on his Sophos blog.
“These credentials include passwords straight out of a worst passwords list. Another reminder, if one were needed, that all your passwords need to be strong, even the ones you use behind the safety of a corporate firewall.
“From there, it encrypts not only your files, adding “encrypted” at the end of each filename, but also your computer’s MBR (master boot record). You are then asked to submit payment via a Tor hidden service.”
So far, Bad Rabbit’s geographic spread resembles that of NotPetya, Brenner says.
“It was only a matter of time before someone took the ideas from WannaCry and NotPetya and ran with them for another go at unsuspecting victims,” according to a statement from Sophos. “What makes this malware more dangerous than your typical ransomware being distributed in a similar manner is its ability to spread across an organisation as a worm and not just through email attachments or vulnerable web plugins.
“It is rumored to contain the same password stealing and spreading mechanism as NotPetya, allowing it to traverse an enterprise and cripple it in no time.”
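As an added example (not code from the article or from Sophos), a small detector for the credential-list spreading behaviour described above: it runs over constructed Windows Security log records and flags a source host that fails logons with several different usernames inside a short window and then succeeds. Event IDs 4625 and 4624 are the standard Windows failed/successful logon events; the hostnames, usernames and timestamps are constructed sample data.

```python
# Added example: detection logic for credential-list lateral movement,
# modelled on the spreading behaviour described for Bad Rabbit.
# Input: Windows Security log records as (timestamp, event_id, source_host, user).
# 4625 = failed logon, 4624 = successful logon.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    ("2017-10-24T10:00:01", 4625, "WS-17", "Administrator"),
    ("2017-10-24T10:00:02", 4625, "WS-17", "admin"),
    ("2017-10-24T10:00:03", 4625, "WS-17", "Guest"),
    ("2017-10-24T10:00:04", 4625, "WS-17", "User"),
    ("2017-10-24T10:00:06", 4624, "WS-17", "Administrator"),
    ("2017-10-24T10:05:00", 4625, "WS-03", "jsmith"),  # single typo, benign
    ("2017-10-24T10:05:10", 4624, "WS-03", "jsmith"),
]


def detect_credential_spray(events, min_users=3, window=timedelta(minutes=2)):
    """Return alerts as (source_host, usernames_tried, user_that_succeeded).

    A source host that fails logons for at least `min_users` distinct usernames
    within `window` and then logs on successfully matches the pattern of a worm
    walking an embedded credential list; a single user mistyping a password
    does not.
    """
    failures = defaultdict(list)  # source_host -> [(time, username)]
    alerts = []
    for ts, event_id, src, user in sorted(events):
        t = datetime.fromisoformat(ts)
        if event_id == 4625:
            failures[src].append((t, user))
        elif event_id == 4624:
            recent = {u for ft, u in failures[src] if t - ft <= window}
            if len(recent) >= min_users:
                alerts.append((src, sorted(recent), user))
                failures[src].clear()  # one alert per burst
    return alerts


if __name__ == "__main__":
    for src, tried, success in detect_credential_spray(SAMPLE_EVENTS):
        print(f"ALERT {src}: tried {tried}, succeeded as {success}")
```

Tuning `min_users` and `window` to the environment's normal failed-logon rate keeps help-desk password resets from triggering it.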
Sophos recommends that users protect themselves via the following:
* Keep software up to date with the latest patches.
* Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete.
* Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
* Defense-in-depth is your friend. Criminals constantly try to outwit security products; having many layers of protection helps bridge the gap when one is evaded.