
Bad Rabbit Malware Spreads Across Europe Through Social Engineering

Organizations in Russia and Ukraine were under siege on Tuesday 24 October 2017 from Bad Rabbit, a strain of ransomware with similarities to NotPetya. By evening, the outbreak was reportedly spreading into Europe, including Turkey and Germany. Victims reported so far include airports, train stations and news agencies.

Russia’s Interfax news agency reported on Twitter that the outbreak had felled some of its servers, forcing Interfax to rely on its Facebook account to deliver news.

It All Starts with Social Engineering
The Bad Rabbit outbreak appears to have got its start via files on hacked Russian media websites, using the popular guise of pretending to be an Adobe Flash installer. If Bad Rabbit infects your computer, it attempts to spread across the network using a list of usernames and passwords buried inside the malware.

These credentials include passwords straight out of a worst passwords list. Another reminder, if one were needed, that all your passwords need to be strong, even the ones you use behind the safety of a corporate firewall.

From there, it encrypts not only your files, adding .encrypted to the end of each filename, but also your computer’s MBR (Master Boot Record). You are then greeted with the following message and asked to submit payment via a Tor hidden service (an anonymous Dark Web website):

Bad Rabbit’s geographic spread so far resembles that of NotPetya, which circled the globe in June after erupting in Ukraine.

Defensive Measures
According to Sophos, it currently blocks the Bad Rabbit malware as Troj/Ransom-ERK. Additionally, Sophos Intercept X proactively prevents the malware from attacking your data: the CryptoGuard component stops the ransomware from scrambling your files, and WipeGuard prevents the low-level disk writes that modify the boot sector.

Here are some general tips to raise your defenses against this sort of outbreak:

  • Ditch Flash altogether. Fake Flash installers and updates only work as a social engineering tactic if you use or want Flash. By removing Flash entirely you not only protect yourself from Flash zero-day holes, but also eliminate the temptation to download fake updates.
  • Patch promptly. Outbreaks such as NotPetya and WannaCry exploited a vulnerability for which patches were already available. Don’t lag behind once patches are available for known security holes – the crooks will be only too happy to take advantage.
  • Remember your backups. Make them regularly, and keep a recent backup both offline and offsite, so you can access it even if your workplace ends up off limits due to fire, flood or some other cause not related to malware.
  • Don’t make users into administrators. When you want to perform administrative tasks, promote yourself to an administrator account, and relinquish those privileges as soon as you can. Network-aware malware like Bad Rabbit can spread without even needing to guess passwords if you already have administrator-level access to other computers on the network.

If you’re a home user, why not register for the free Sophos Home Premium Beta? This includes the CryptoGuard and WipeGuard features mentioned above that block the unauthorised scrambling of files and disk sectors.
