More ransomware is on the way. Discovered on October 24, Bad Rabbit ransomware has already affected organizations in Ukraine and Russia and has also been detected in the U.S., Germany, Japan, Turkey and Bulgaria. Earlier this year, WannaCry ransomware had infected over 200,000 computers around the world, and caused hundreds of millions of dollars in damage.
How does Bad Rabbit ransomware work?
Currently, Bad Rabbit is being distributed using a web pop-up that looks like an operating system alert to update Adobe Flash player. Here is an example we were able to obtain:
If the user clicks Update, the installer will download malware, encrypt the user’s files and present the following message:
Image credit: Kaspersky Lab
Following the URL in the ransom note, the user is taken to a webpage with a deadline timer and ransom cost:
Image credit: Kaspersky Lab
The initial price is 0.05 Bitcoin (currently around USD $278), with a threat that the price will increase after the initial deadline. The attackers promise to provide a password to decrypt the victim’s files once a payment is made. At this time there are no reports of victims paying the ransom and successfully recovering their files.
How do I protect against Bad Rabbit Ransomware?
Home users can take several precautions against this ransomware threat:
- Avoid clicking unexpected alerts while browsing the web. If you are not sure whether an alert is legitimate, close the web browser application completely in Task Manager, and see if the alert window persists.
- Update your antivirus application with the latest virus definitions. The antivirus can catch many known malware files before they get installed and do damage.
- Create regular file backups and/or system restore backups. This will help you recover quickly if you do fall victim to ransomware.
For more information and tips for dealing with ransomware, read Understanding Ransomware.