Bad Rabbit Ransomware – What is it and how to stay safe

2017-10-27T16:50:50
ID TRENDMICROBLOG:7A10AC0F1D68AC275E2D2891AA8C528D
Type trendmicroblog
Reporter Trend Micro
Modified 2017-10-27T16:50:50

Description

Trend Micro is tracking multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. We want to assure you that the latest version of Trend Micro Security provides effective protection against this ransomware attack.

What is BadRabbit and how does it work?

BadRabbit spreads via fake Adobe Flash updates, tricking users into clicking the malware by falsely alerting them that their Flash player requires an update. BadRabbit incorporates Mimikatz (an open source tool that has been used in previous attacks) to extract credentials, including common hard-coded credentials such as Admin, Guest, User, root, etc. There is also evidence that BadRabbit ransomware is using a legitimate tool, DiskCryptor, to encrypt the victim's data.

Once the victim’s PC is infected and their data encrypted, BadRabbit reboots the system and the following message is displayed after reboot:

Based on our initial analysis, Bad Rabbit spreads to other computers by dropping copies of itself over the network.

Steps Trend Micro Security customers can take to ensure they’re protected from BadRabbit:

1. Make sure you are using the latest version of Trend Micro Security. You can check here if you already have the latest version or follow instructions here to upgrade Trend Micro Security to the latest version. Upgrades to the latest version of Trend Micro Security are free.

Read: How Can Trend Micro Security protect me from Ransomware?

2. Make sure your Trend Micro Security has the latest Security and Program updates. You can check here to manually update your Trend Micro Security.

Trend Micro Security

Trend Micro Security provides online protection against malware and ransomware using advanced machine learning-based technology, so you can enjoy your digital life safely. It helps protect you from identity theft, viruses, phishing, online scams, and more.

Trend Micro Security keeps your valuable files safe from ransomware with Folder Shield, by allowing only authorized applications to access the protected folders such as your documents, photos, music, and videos. Folder Shield can even protect cloud-synced folders such as Dropbox, Google Drive, and Microsoft OneDrive.

Learn more at trendmicro.com