- Nathan Bahr
Bad Rabbit Ransomware: Get Your Holy Hand Grenade!
On October 24th, ransomware known as Bad Rabbit infected devices, primarily in Russia and Ukraine. According to Kaspersky Lab, almost 200 targets have been hit. Those infected include the Russian media outlet Interfax, the Kiev metro system and the Odessa airport. One of the ways the attack spread was through a fake Adobe Flash Player update. Bad Rabbit is similar to Petya, which spread earlier this year: it encrypts files and demands a ransom to get them back. At the moment, things seem to have calmed down, as the hackers' servers are now offline.
Securelist “Bad Rabbit ransomware.” By Orkhan Mamedov, Fedor Sinitsyn, Anton Ivanov, 27 OCT 2017: https://securelist.com/bad-rabbit-ransomware/82851/
Endgame “BadRabbit Technical Analysis.” By Amanda Rousseau, 25 OCT 2017: https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis
Motherboard “New Ransomware ‘Bad Rabbit’ Spreading Quickly Through Russia and Ukraine, There’s a potentially massive new ransomware spreading in eastern Europe.” By Lorenzo Franceschi-Bicchierai, 24 OCT 2017: https://motherboard.vice.com/en_us/article/59yb4q/bad-rabbit-petya-ransomware-russia-ukraine
Motherboard “Infrastructure for the ‘Bad Rabbit’ Ransomware Appears to Have Shut Down, Most of the servers and sites used by the hackers behind the ransomware are down just a day after the outbreak started.” By Lorenzo Franceschi-Bicchierai, 24 OCT 2017: https://motherboard.vice.com/en_us/article/d3dp5q/infrastructure-for-the-bad-rabbit-ransomware-appears-to-have-shut-down
Engadget “New ransomware is causing major issues across Europe and Russia, Bad Rabbit has hit networks in Russia, Ukraine, Turkey and Germany.” By Mallory Locklear, 24 OCT 2017: https://www.engadget.com/2017/10/24/ransomware-major-issues-across-europe-russia/
When you don't segment your network and don't run firewalls on your clients: Bad Rabbit; https://twitter.com/nerdpyle/status/923306438906093568