Beware the Bad Rabbit

You may or may not be aware that there is new ransomware attack release named “Bad Rabbit” infecting devices across the globe.  Let’s examine how it works, how it might affect you and most importantly what you should (and shouldn’t) do to avoid it.

The Threat

This ransomware variant is delivered via malicious websites that instructs the user to update flash. Upon clicking on the “Update Flash” pop-up or link, the virus is downloaded and executed. Once the PC boots, a ransom note is displayed similar to the recent WannaCry attack. The malware also includes techniques to spread laterally through the network. The first technique involves a hacking tool known as Mimikatz, which is able to obtain passwords from memory on the infected system. The second, via the EternalBlue exploit (MS17-010) is again something that was evident with WannaCry. The malware also has a hard- coded list of usernames and passwords.

There has been no evidence of the ransomware being delivered via phishing emails to date, however given this is always a likely attack vector, users should be cautious when clicking links or opening attachments from unexpected sources.  The attack vector currently appears to be via users visiting compromised websites directly but users should be wary of any suspicious-looking emails or communications.

What to do?

The best advice at the moment is simply not to click any links relating to Adobe flash which browsing the web.