Bad Rabbit Encrypts Data
Updated: Oct 27, 2021
Bad Rabbit ransomware has surfaced in Russia, Eastern Europe and South Korea. So far, it appears to be targeting its victims. It has been found on hacked websites that tell users they need to update Flash in order to view content. This fake alert dupes users into downloading a fake Flash update that infects their computer and network. The malware encrypts user data and offers the decryption key for a fee that rises over time.
If you’re infected, you’ll know it right away as the infection will splash an ugly alert telling you so.
In addition to spreading across the victim’s network and infecting any accessible data, it may also be performing brute-force attacks on the network with a dictionary list of common usernames and passwords.
Slingshot clients utilizing our BitDefender Protection are safe from the most recent Bad Rabbit versions: Gen:Heur.Ransom.BadRabbit.1 and Gen:Variant.Ransom.BadRabbit.1.
In addition, our multi-layered backup solutions provide recourse to recover encrypted files. Our Web Protection filtering will block user access to all known infected websites.
Nonetheless, new versions will morph from the originals and may slip past our primary defenses until discovered and updated.
Of course, the final line of defense is the end user. Best practice is always to use discretion before opening any link or responding to any prompt. Our advice is to ignore any prompt to click links or download any “Updates” unless you are positive that it is safe. Not much bad happens if you don’t click; lots of bad can happen if you do!
Don’t hesitate to contact our Slingshot helpdesk if you have any concerns.
US Cert Center Advisory: US-CERT has received multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.