A new ransomware attack nicknamed Bad Rabbit has been sweeping through the world since yesterday, October 24, 2017. As a matter of fact, the Ukrainian Security Service had warned on October 14 that a new large-scale cyber attack, similar to NotPetya, might take place sometime between October 13 and 17. The attack arrived a few days later than expected.
The U.S. government issued a warning about the attack; attacks of this kind can result in billions of dollars in losses.
“US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware,” reads the alert from the United States Computer Emergency Readiness Team, run by the Department of Homeland Security.
Bad Rabbit asks for a ransom payment of 0.05 BTC (~$280) within the first 40 hours of infection, after which the price will probably rise to an as-yet-unknown amount.
Ukraine was the main target for this malware, with much of its critical infrastructure, such as train stations, airports and media sites, suffering downtime. Other countries initially impacted include Bulgaria, Germany, Russia and Turkey.
Affected companies include the Kiev Metro (Ukrainian train services), Odessa Airport (Ukraine), the Ukrainian ministries of infrastructure and finance and Interfax (a large Russian media outlet). Affected industries include finance, healthcare, distribution and software vendors.
The ransomware is being spread via a fake Flash software installer, which allegedly arrives as a pop-up from a legitimate Russian news site. Once run, the pop-up leads to a compromised site, which in turn downloads an executable dropper. The ransomware uses a piece of known open source software called DiskCryptor in order to encrypt the victim’s drives.
The lock screen presented to the user is almost identical to the infamous Petya and NotPetya lock screens. However, this is the only similarity we have so far observed between the two pieces of malware; in all other respects Bad Rabbit is a completely new and unique ransomware.
Ironically, Bad Rabbit surfaces during National Cyber Security Awareness Month, when events are taking place around the world in light of the staggering number of recent data breaches and global ransomware attacks. It is the perfect time of year for individuals and organizations to reflect on the universe of cyber threats and to do their part to protect their networks, their devices, and their data from those threats.
“Ransomware is the top threat facing computer users as Interpol reveals massive 2017 cyber crime ‘epidemic’ taking over PCs as well as internet-linked devices like routers and CCTV cameras to turn them into tools for criminals,” reported the European policing agency Europol.
In December 2016, Check Point and Europol released a joint report called ‘Ransomware: What You Need to Know.’ Check Point’s consumer product line is ZoneAlarm, a world leader in mobile privacy protection and consumer Internet Security.
Ransomware is malware designed to extort money from users whose computers it infects. Recent innovative methods for infecting, monetizing and targeting lucrative victims show that this attack vector has been growing in sophistication since its primitive yet effective origins.
Like the WannaCry and Petya cyber attacks, the Bad Rabbit ransomware attack could have been prevented. Ransomware and other malware are not the new normal.
Although this fresh ransomware is in principle a targeted attack against corporate networks, home PC users must be alert. Cyber extortionists do not discriminate.
Nearly 100 million people trust ZoneAlarm to protect their PCs from cyber extortion. ZoneAlarm Anti-Ransomware was considered “the most effective ransomware-specific security tool we’ve seen” as well as Editor’s Choice for ransomware protection, according to PCMag. In testing, it showed complete success against all real-world samples.