What You Need to Know About Bad Rabbit Ransomware

You know what they say: another day, another cyberattack. Okay, maybe "they" don't say that. But they should!

Cyberattacks are everywhere and new exploits are being developed all the time. Take Bad Rabbit, for instance. This form of ransomware is rather new, but it's already making a big splash as it victimizes Russian and Eastern European businesses.

Below, CyberPolicy examines Bad Rabbit, the trends in ransomware, and what businesses can do to defend themselves. Remember, even if you are snagged by ransomware or another form of attack, cyber coverage insurance can be your safety net.

The Basics of Bad Rabbit

Bad Rabbit first burst onto the scene on Tuesday, October 24th. The Russian news agency Interfax Ltd. appears to have been one of the first victims. As of writing this article, the website is still disabled due to "hacker attack." From there, organizations across Russia, Ukraine, Poland, Germany, and Turkey have fallen victim to the infection. According to ZDNet, there are almost 200 infected targets.

Now clearly this isn't on the same scale as the WannaCry epidemic that infected more than 300,000 machines in 150 countries. That does not mean Bad Rabbit has nothing in common with other ransomware attacks, however. Specifically, Bad Rabbit shares 67 percent of the same code used in the Petya/NotPetya attacks in June. For this reason, some experts believe that these scams might be the work of the same threat actor(s).

Even more bizarre is that the code contains various references to the hit HBO show, Game of Thrones.

How Does It Spread?

Like many forms of malicious software, Bad Rabbit has been propagating itself through drive-by downloads on hacked websites. Typically, the web user will see a pop-up screen prompting them to download the latest Flash player update, which is always a red flag!

These kinds of scams are made possible through JavaScript injection, in which a hacker conceals malicious code within a third-party website. Once the package has been downloaded, it will lock the user's device or spread itself throughout the network.

Infected devices will show a red-and-black warning message and a timer, telling the user that their files have been encrypted. The only way to release these files is to pay an extortion fee of 0.05 bitcoin, the equivalent of $285. If the timer runs out, the price goes up.

ZDNet writes that "at this stage, it's unknown if it's possible to decrypt files locked by Bad Rabbit without giving in and paying the ransom." The site also warns that paying the fee might encourage ransomware growth as hackers see how lucrative it is.

Kaspersky Lab says users can prevent infection by locating the malware files on their computers ('c:\windows\infpub.dat' and 'C:\Windows\cscc.dat') and blocking their execution.
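
One way to apply that advice on a Windows machine, as an added example that is not from Kaspersky Lab or the original article: the script below flags either file if it is already present and adds an NTFS rule that denies execution to everyone. Using icacls for the rule, and creating an empty placeholder when a file is absent, are assumptions of this example.

```powershell
# Added example, not from the article. Run from an elevated PowerShell prompt.
# The two paths are the ones named in the article (attributed to Kaspersky Lab).
$paths = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

function Test-ExecuteDenied {
    param([string]$Path)
    # True when a Deny entry covering the ExecuteFile right is present on the file.
    $execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
    $deny = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        (($_.FileSystemRights -band $execute) -eq $execute)
    }
    return [bool]$deny
}

foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force
        if ($file.Length -gt 0) {
            # A non-empty file at this path was not created by this script.
            Write-Warning ("$path already exists ($($file.Length) bytes, " +
                "modified $($file.LastWriteTime)). Investigate this host.")
        }
    } else {
        # Assumption of this example: an empty placeholder gives the deny rule
        # something to attach to on a machine where the file is not present.
        New-Item -ItemType File -Path $path | Out-Null
    }

    # *S-1-1-0 is the well-known SID for Everyone; (X) is the icacls execute right.
    icacls $path /deny '*S-1-1-0:(X)' | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Error "icacls failed for $path (exit code $LASTEXITCODE)"
        continue
    }

    # Read the ACL back so the result is verified rather than assumed.
    [pscustomobject]@{
        Path          = $path
        ExecuteDenied = Test-ExecuteDenied -Path $path
    }
}
```

A warning for a non-empty file means the host should be examined before the block is relied on.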

Whether Bad Rabbit will spread to U.S. businesses and organizations remains to be seen. But it's best to prepare yourself for the worst. By investing in cyber coverage insurance, you can be certain that your organization is protected no matter what. Visit CyberPolicy for your free quote today!
