
CyberAlert: Bad Rabbit



According to US-CERT:

US-CERT has received multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.

US-CERT encourages users and administrators to review US-CERT Alerts TA17-181A and TA17-132A that describe recent ransomware events. Please report ransomware incidents to the Internet Crime Complaint Center (IC3). US-CERT will provide updated information as it becomes available.

As a Cybriant managed SIEM or managed Perimeter customer, you are protected from this ransomware attack.

We are continuing to investigate this malware. Please stay tuned to CyberAlert for the latest information.

Unlike other recent malware epidemics, which spread through more passive means, Bad Rabbit requires a potential victim to download and execute a bogus Adobe Flash installer file, thereby infecting themselves. An Adobe spokesperson said that the attacks “do not utilize any legitimate Flash Player updates nor are they associated with any known Adobe product vulnerabilities.”

Bad Rabbit demands that users pay 0.05 bitcoins, or about $286, to have their files decrypted. But given its link to NotPetya’s fake ransomware, it is so far unclear whether that payment actually gets results, according to WIRED.

What to do?

  • Make sure that all protection mechanisms are activated as recommended
  • Update your antivirus databases immediately
  • Make sure your employees are aware of this threat
  • Initiate a conversation with Cybriant for managed SIEM and Perimeter protection
