Watch out for the Bad Rabbit
What is known at the moment is that Bad Rabbit ransomware has infected several big Russian media outlets, with Interfax news agency and Fontanka.ru among the confirmed victims of the malware. Odessa International Airport has reported a cyberattack on its information system, though whether it’s the same attack is not yet clear.
The criminals behind the Bad Rabbit attack are demanding 0.05 bitcoin as ransom — that’s roughly $280 at the current exchange rate.
According to our findings, the attack doesn’t use exploits. It is a drive-by attack: Victims download a fake Adobe Flash installer from infected websites and manually launch the .exe file, thus infecting themselves.
According to our data, most of the victims of these attacks are located in Russia. We have also seen similar but fewer attacks in Ukraine, Turkey, and Germany.
What you can do if the threat escalates.
Block the execution of files c:\windows\infpub.dat and c:\Windows\cscc.dat. Disable WMI service (if it’s possible in your environment) to prevent the malware from spreading over your network. Back up your data. Don’t pay the ransom.
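One way to apply the first two items on a Windows host, as an added example that is not part of the original advisory. It assumes that "blocking execution" is done by placing empty placeholder files at the two paths and denying access to them with icacls; the -DisableWmi switch is a hypothetical opt-in for the WMI step.

```powershell
# Added example (not from the advisory). Run from an elevated PowerShell prompt.
# Assumption: execution is blocked with a deny ACL on empty placeholder files.
param([switch]$DisableWmi)   # hypothetical switch: opt in to the WMI step

$everyone = '*S-1-1-0'       # well-known SID for Everyone, locale independent
$paths = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'   # paths named in the advisory

foreach ($p in $paths) {
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($item -and $item.Length -gt 0) {
        # Non-empty file that this script did not create: leave it for investigation.
        Write-Warning "$p exists with content; isolate and investigate this host."
        continue
    }
    if (-not $item) { New-Item -ItemType File -Path $p | Out-Null }   # empty placeholder

    # Drop inherited ACEs, then deny read/execute and write to everyone.
    icacls $p /inheritance:r | Out-Null
    icacls $p /deny "${everyone}:(RX,W)" | Out-Null
    Write-Output "Placeholder locked down: $p"
}

if ($DisableWmi) {
    # Show which running services depend on WMI before stopping it.
    Get-Service -Name Winmgmt -DependentServices |
        Where-Object Status -eq 'Running' |
        ForEach-Object { Write-Output "Will also stop dependent service: $($_.Name)" }

    Stop-Service -Name Winmgmt -Force          # -Force stops dependent services too
    Set-Service  -Name Winmgmt -StartupType Disabled
    Write-Output 'WMI service (Winmgmt) stopped and disabled.'
}
```

Inventory, monitoring and deployment tools that rely on WMI stop working while Winmgmt is disabled, so test the switch on one machine first. To undo the WMI step, run Set-Service -Name Winmgmt -StartupType Automatic and start the service again.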
CQI Netwatch update.