October 25, 2017

"Bad Rabbit" Ransomware Advisory

by: Align

The Cybersecurity Team at Align is currently following a new ransomware threat on the rise, known as Bad Rabbit, that has already affected several organizations in Russia, Ukraine and Eastern Europe. This latest strain of malware has been compared to the infamous WannaCry and Petya attacks that affected organizations globally earlier this year.
The worldwide Bad Rabbit ransomware outbreak started Tuesday and froze computer systems in numerous countries. Bad Rabbit starts with social engineering, attacking websites and then imitating an Adobe Flash installer. The victim is instructed to click on an update for Adobe Flash Player, while the ransomware is downloaded to their machine in the background. The malware then encrypts all of the files on the system and replaces the master boot record. Bad Rabbit then demands from its victim a payment of 0.05 bitcoin, or about $275 within 40 hours.

According to Virus Total, many of the Antivirus solutions do not yet have a signature for this malware.

While Align has not discovered any reports of this new ransomware being delivered via phishing emails, we strongly recommend that everyone be extremely diligent before clicking on attachments.

In addition to being cautious when opening email attachments, we recommend immediately taking the following actions:

  • Block the following URLs on your web proxies or gateways (remove the brackets)
    • 1dnscontrol(.)com
    • an-crimea(.)ru
    • ankerch-crimea(.)ru
    • argumenti(.)ru
    • fastmonitor1(.)net
    • caforssztxqzf2nm(.)onion
  • Block TOR traffic on your web proxies or gateways. This may be listed under the category of “Anonymizers.”
  • Block all Ad Networks categories on you web proxies or gateways.
  • Notify all email users to be extra cautious when opening email attachments, and advise them NOT to click on any popup links to update Flash.
  • Check to ensure that your backups are current, valid and secured.
  • Ensure that the latest signature of your anti-virus system is updating properly, so signatures for this malware are active as soon as they are available.
  • Make sure that your systems are patched and up to date, particularly with the Microsoft patch MS17-10.
  • Monitor your network traffic and security logs for any anomalies.

If you need assistance with patching, or any other security concerns, please do not hesitate to contact Align’s Cybersecurity Team at 800-877-9980 or cyber@align.com.



Continue Reading

Related Articles


“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC