New Ransomware BadRabbit Targets Russia And Ukraine

New Ransomware BadRabbit Targets Russia And Ukraine

It has been barely 4 months since almost the entire world was threatened by the ransomware Petya and NotPetya. Now a new ransomware known as BadRabbit has surfaced in several parts of Russia and Ukraine. As per initial reports, the ransomware has attacked the computer system deployed at the Odessa International Airport and Kiev Metro Station in Ukraine’s capital. The Russian news agency, Interfax also tweeted that some of its servers and computer system are also being affected by this ransomware and they are taking all effective measures to pull things back.

Must Read: Defray Ransomware Targeting Education and Healthcare Organizations

How It Gets Into The System:

Adobe flash player update

For now, it is predicted that this ransomware came from the same authors which have designed Petya and NotPetya, as the same methodology was used for transmitting this ransomware. The big cybersecurity giants like Kaspersky and Eset stated that the ransomware was spread through drive by download attacks. The Adobe Flash installer which pretends to be legitimate, tricked victims to execute this malware, which in turn lock the system by encrypting the files.bh

How Much Ransomware Is Asked:

Bad rabbit ransomware

The ransom demanded by BadRabbit to decrypt the file is 0.05 bitcoin, which is approximately $280. However, still, there is no surety that the files will be unlocked after paying that ransomware. Also, the clock is ticking inside the warning message giving a deadline of 41 hours, which once passed will result in raising the ransom.

Must Read: Use “Controlled Folder Access” To Block Ransomware On Windows 10

Solution?

The biggest heart-breaking news is that still leading anti-malware and antivirus software are unable to detect this. However, in between all this bad news, a security researcher at Cybereason found tweeting that he has got the crack for this ransomware.

I can confirm – Vaccination for #badrabbit:

Create the following files c:\windows\infpub.dat && c:\windows\cscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated. 🙂

He has provided the detailed description at his website.

However, though this is still not an official solution, hope that it would help the victims. Also, all security experts are advising the victims not to pay any ransom, as paying the money does not provide with the guarantee of ransomware removal.

Next Read: Locky Ransomware ‘Back from the Dead’

In the interim, we also recommend you to backup all your important data and update your antivirus and anti-malware software. As prevention is always better than cure.

Varun Tiwari

Varun is a technical blogger at Systweak. His engineering background helps him present technical solutions and concepts in an engaging manner. Varun enjoys reading both short and long form fiction and has tried his hand at writing poems too. When not busy with the pen, he likes traveling and spending time with family.

Leave a Reply

Your email address will not be published. Required fields are marked *