Bad Rabbit ransomware attacks computer networks masquerading as Adobe Flash

October 26 14:09 2017

Adobe’s 2020 deadline for the death of Flash can’t arrive soon enough.

Bad Rabbit spreads itself through downloads, requiring a target to take action to install the ransomware – which takes the form of a bogus Adobe Flash installer. Within hours of it beginning to spread, Cybereason researcher Amit Serper discovered a vaccine to block that particular strain of ransomware.

Some analysts believed NotPetya originated in the Russian Federation as an assault on Ukraine’s IT systems rather than a purely criminal ransomware attack.

In the third major ransomware outbreak of the year, Bad Rabbit has infected a number of high-profile targets in various countries.

While the scale of the Bad Rabbit attack remains to be seen, it further highlights the urgent need for firms to leverage re/insurance capacity to cover growing cyber threats.

Barak said that traditional anti-virus software is important to have on computers and networks but is not very effective against ransomware because those programs work by looking for known malicious code, but ransomware attacks are so easy to engineer that they rarely rely on code that has already been identified as potentially risky.

So what is Bad Rabbit?

If users activate install_flash_player.exe, the malware downloads the C:\Windows\infpub.dat file. When it’s clicked on, it locks down the computer. Bad Rabbit, by contrast, reportedly does decrypt the hard drive upon entry of the correct password.
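A defender-side triage of the two artifacts named above, added here as an example and not taken from the original article or any vendor tool: it correlates execution of install_flash_player.exe with creation of C:\Windows\infpub.dat on the same host. The pipe-separated event format, the event type names, the host names and the 10-minute window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Indicators named in the article; everything else is an assumption.
INSTALLER_NAME = "install_flash_player.exe"
PAYLOAD_PATH = r"c:\windows\infpub.dat"
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample events: timestamp|host|event_type|path
SAMPLE_EVENTS = r"""
2017-10-24T10:01:05|WS-014|process_start|C:\Users\anna\Downloads\install_flash_player.exe
2017-10-24T10:01:40|WS-014|file_create|C:\Windows\infpub.dat
2017-10-24T10:03:00|WS-022|process_start|C:\Users\ivan\Downloads\Install_Flash_Player.EXE
2017-10-24T11:30:00|WS-031|file_create|C://Windows//infpub.dat
2017-10-24T12:00:00|WS-040|process_start|C:\Program Files\App\updater.exe
"""

def normalise(path):
    """Lower-case and collapse separator variants such as C://Windows//x."""
    return re.sub(r"\\+", r"\\", path.strip().replace("/", "\\")).lower()

def triage(log_text):
    """Return {host: verdict} for every host showing either indicator."""
    started, dropped = {}, {}
    for line in log_text.strip().splitlines():
        ts, host, kind, path = line.split("|", 3)
        when, path = datetime.fromisoformat(ts), normalise(path)
        if kind == "process_start" and path.rsplit("\\", 1)[-1] == INSTALLER_NAME:
            started.setdefault(host, when)   # keep first sighting per host
        elif kind == "file_create" and path == PAYLOAD_PATH:
            dropped.setdefault(host, when)
    verdicts = {}
    for host in sorted(set(started) | set(dropped)):
        s, d = started.get(host), dropped.get(host)
        if s and d and timedelta(0) <= d - s <= WINDOW:
            verdicts[host] = "chain"           # installer ran, then payload written
        elif d:
            verdicts[host] = "payload_only"    # file present, no matching launch seen
        else:
            verdicts[host] = "installer_only"  # fake installer ran, no payload seen yet
    return verdicts

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS).items():
        print(host, verdict)
```

Hosts flagged `chain` are the priority for isolation; `installer_only` and `payload_only` hosts may simply have incomplete telemetry and warrant a closer look.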

Who has it been hitting?

In June, ESET tied the NotPetya ransomware campaign to a cyber-espionage group named TeleBots, previously known for attacking Ukraine’s power grid in December 2015 and December 2016. A powerful upgrade is now being unleashed, with organisations in Russia, Ukraine, Bulgaria and Turkey at the top of the hit list.

According to experts, the mechanism of spread of Bad Rabbit is similar to the “NotPetya” virus. “We’ve detected a number of compromised websites, all of which were news or media websites,” the analysis published by Kaspersky Lab states.

With the Bad Rabbit outbreak, however, things were a little different as nearly 70 percent of the victims were located in the Russian Federation. “Most of the detections are in Russian Federation and Ukraine, however, also there are reports of computers in Turkey, Bulgaria and other countries are affected”, ESET, one of the security firms monitoring the outbreak, has said. “Overall, there are nearly 200 targets, according to the KSN statistics”.

“We are monitoring the situation and working with our partners to better understand the threat”, a spokesperson for the UK’s National Cyber Security Centre said. If a user doesn’t help the process along by installing the Flash update, the malware would be benign and not wreak the devastation it has across the region.

Forty-six percent of enterprises experienced a ransomware attack in the past 12 months, according to a recent survey of 300 IT professionals by Cylance and the Enterprise Strategy Group.
