Similar to Petya in terms of technical characteristics and speed of spread, the new ransomware has been “intercepted” in Russia, Ukraine, Germany and Turkey
For now the alert is limited in scope, but it remains an alert nonetheless. According to several reports from the world’s leading cybersecurity companies, a large new ransomware attack is in preparation. The ransomware, dubbed Bad Rabbit, has already struck in Eastern Europe and is spreading at great speed.
The new threat, which shares more than a few technical characteristics with Petya, has reportedly affected both government and public agencies (such as the Odessa airport management system, the Kiev metro and the Ministry of Infrastructure in Ukraine) and private companies (such as three of the largest newspapers and news portals in Russia), causing considerable disruption. The speed with which Bad Rabbit is spreading, cybersecurity experts point out, is similar to that of WannaCry and Petya, the two worst ransomware attacks (at least so far) of 2017.
Bad Rabbit spreads through fake Flash updates
According to ESET and Proofpoint researchers, Bad Rabbit’s spread (at least in the very early stages) reportedly relied on a fake Flash update, which allowed the attackers to infect a large number of computers quickly. That update is only a bridgehead: as seen in the case of Petya and WannaCry, the ransomware is able to exploit vulnerabilities in network security systems to install itself on all other machines.
Once installed, Bad Rabbit encrypts all data on the hard drive, overwrites the information in the Master Boot Record of the infected computer and restarts the system. From this moment on, the computer is unusable and displays a ransom message very similar to the one already seen with Petya. To regain access to your files, you are asked to pay a fee of about 250 Euros (0.05 Bitcoin) within 40 hours or so.
According to the very first analyses conducted by various cybersecurity companies, Bad Rabbit is a “real” ransomware and not a wiper disguised as a ransomware virus. This means that the files on your hard drive are actually encrypted and held until someone pays the ransom (or until some developer releases a tool to recover the information), and that the malware does not delete the files at the first opportunity.
How to protect yourself from Bad Rabbit
If you do get infected, there is little you can do. You have to hope that, within the 3 days given by the hackers, some researcher will manage to develop a decrypter; otherwise you will have to say goodbye to your files (obviously, you should not pay the ransom). In the meantime, disconnect your computer from the network by removing the Ethernet cable or disabling Wi-Fi to limit the spread of the ransomware and prevent other computers on the network from getting infected as well.
If, on the other hand, you are not a victim of the ransomware virus, you should implement a few – very basic – security measures that will help you keep the ransomware threat at bay. First of all, it is necessary to update the operating system and all installed software to the latest available version: this is the only way to prevent hackers from exploiting any flaws and vulnerabilities to their advantage. It is always useful to make periodic backups of your system so that you can easily recover the information encrypted by cybercriminals. Finally, beware of strange messages or pop-ups that may appear while you are surfing the web: if a window appears asking you to update Adobe Flash, turn off your device (computer and smartphone) and do not update it under any circumstances. You will only risk getting infected with the latest ransomware that has appeared.
Some experts who have been able to study the ransomware in depth have discovered a little trick that could neutralize Bad Rabbit by preventing files from being encrypted. All you would have to do is create a file inside the “C:\Windows” folder and make it read-only. To defend yourself against the ransomware, therefore, right-click on an empty space on the desktop, move the cursor to the “New” item, choose “Text Document” and assign the name “infpub.dat”, changing the file extension as well (so that the name does not end in “.txt”). Now right-click on the newly created file icon, choose “Properties” and, in the lower part of the tab, select the attribute “Read Only”. Once this is done you can cut and paste the file (or drag it with the mouse from My Computer) into the “C:\Windows” folder and you are done.
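The manual steps above can also be scripted, which helps when the same file has to be placed on many machines. The following PowerShell is an added example, not part of the original article or of any vendor's tooling; the function name Set-ReadOnlyMarker and its parameters are hypothetical, and the folder and file name are the ones given in the article.

```powershell
# Added example: scripted form of the manual steps described in the article.
function Set-ReadOnlyMarker {
    [CmdletBinding()]
    param(
        # Folder that receives the file; the article uses C:\Windows.
        [string]$Directory = $env:windir,
        # File name given in the article.
        [string]$Name = 'infpub.dat'
    )

    $path = Join-Path -Path $Directory -ChildPath $Name

    # Writing to C:\Windows requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if ($Directory -eq $env:windir -and -not $isAdmin) {
        throw "Run this from an elevated PowerShell session to write to $Directory."
    }

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $existing = Get-Item -LiteralPath $path -Force
        if ($existing.Length -gt 0) {
            # A file with content was not created by this procedure:
            # leave it untouched so it can be examined.
            Write-Warning "$path already exists with $($existing.Length) bytes; not modified."
            return $false
        }
    }
    else {
        # Equivalent of New > Text Document renamed to infpub.dat (empty file).
        New-Item -ItemType File -Path $path | Out-Null
    }

    # Equivalent of Properties > Read-only.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true

    # Confirm the attribute is set before reporting success.
    $item = Get-Item -LiteralPath $path -Force
    return ($item.IsReadOnly -and $item.Length -eq 0)
}

Set-ReadOnlyMarker
```

Passing `-Directory` with a scratch folder lets you try the function without touching the Windows folder.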