Skip to main content

Bad Rabbit - Latest Ransomeware Attack



A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organizations, primarily in Russia, Ukraine, Turkey, and Germany, in the past few hours.

Dubbed "Bad Rabbit," is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock their systems.

According to an initial analysis provided by the Kaspersky, the ransomware was distributed via drive-by download attacks, using fake Adobe Flash players installer to lure victims' in to install malware unwittingly.

"No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. We’ve detected a number of compromised websites, all of which were news or media websites." Kaspersky Lab said.

However, security researchers at ESET have detected Bad Rabbit malware as 'Win32/Diskcoder.D' — a new variant of Petya ransomware, also known as Petrwrap, NotPetya, exPetr and GoldenEye.

Bad Rabbit ransomware uses DiskCryptor, an open source full drive encryption software, to encrypt files on infected computers with RSA 2048 keys.

ESET believes the new wave of ransomware attack is not using EternalBlue exploit — the leaked SMB vulnerability which was used by WannaCry and Petya ransomware to spread through networks.

Instead, it first scans an internal network for open SMB shares, tries a hardcoded list of commonly used credentials to drop malware, and also uses Mimikatz post-exploitation tool to extract credentials from the affected systems.

The ransom note, shown above, asks victims to log into a Tor onion website to make the payment, which displays a countdown of 40 hours before the price of decryption goes up.

The affected organizations include Russian news agencies Interfax and Fontanka, payment systems on the Kiev Metro, Odessa International Airport and the Ministry of Infrastructure of Ukraine.

Researchers are still analyzing Bad Rabbit ransomware to check if there is a way to decrypt computers without paying ransomware and how to stop it from spreading further.

How to Protect Yourself ???

1)Don't download any free software
2)Always use 'Adblocker' Add-ons.
3)Use a strong password for SMB-Filesharing Service.
4)Use Anti-Virus softwares

Labels:

Comments

Post a Comment

Popular posts from this blog

My Life as Information security engineer Chapter 1: Tools

  Hi folks, here I am going to share the tools list that I am using in my daily life cycle. NMAP  Nmap (“Network Mapper”) is a free and open-source (license) utility for network discovery and security auditing. Basically, I will use it to discover the open ports and closed ports where I did Port Mapping in firewalls. We can use this in the local network as well as in the WAN network. Also with help of the NSE script, we do multiple things like vulnerability check, exploitation, etc., Ref: http://www.piratesshield.com/2017/11/nmap-network-mapper-securtiy-scanner.html CURL and WGET curl   is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). Normally using this tool to analyze the website headers when my web security device blocking some dynamic content websites and to create the Application signature in IPS. Wget   using to download files directly instead of opening and surfing the brow
Post a Comment
Read more

AquaSec Container Security Solution ( DevSecOps ) - A quickView

  What is AquaSec?      The Aqua Platform is the leading Cloud Native Application Protection Platform (CNAPP) and provides prevention, detection, and response automation across the entire application lifecycle to secure the supply chain, secure cloud infrastructure, and secure running workloads wherever they are deployed.    Solutions : Cloud Native Security Platform CSPM Cloud Security Container Security Kubernetes Security Serverless Security Cloud VM Security Dynamic Threat Analysis (DTA) Container Vulnerability Scanning Aquasec offers a 14days trial to learn the container security / Automated DevSecOps. Use this link to get free trail  Sign In | Aqua (aquasec.com)   How to start with AquaSec? Once login into the portal click the nine dots in the left-side top > Aqua Hub  Then click the "Integrations" The Integration page has a lot of options to connect your container Platform Choosing your platform provides the required key to integrate. (follow the OEM documents ) The
Post a Comment
Read more

Learn DevOps like a pro techie - PART 1

       Usually, all DevOps trainers advise you to set up the LAB environment on cloud platforms (AWS, Azure, GCP, etc). But if you understand the technologies you can set it up easily on your super PC.   PC REQUIREMENTS : (WARNING!) Processor      :  > = i3 (10th or 11th Gen)  RAM              :  8GB (minimum) Storage          :  SSD preferred TIPS: If you using win11 or win10 and performance is very slow means use the below script. Windows 11 only:  https://github.com/builtbybel/ThisIsWin11 Windows 10 only:  https://github.com/builtbybel/bloatbox The LAB mainly depends on the docker platform. So First, start learning the basics of Docker. Docker Basics:  https://www.tutorialspoint.com/docker/index.htm KNOWLEDGE REQUIRED - Linux Knowledge (5/10) (installation of apps, editing scripts, user privileges, and troubleshooting)  - Web Development (3/10) -  Google Search and Stackoverflow (9/10)....... he he he......... UTILITY TOOLS AND PRE-REQUISITES   - Install Window Terminal Preview
Post a Comment
Read more