"Bad Rabbit" Ransomware Advisory

October 25, 2017

The Cybersecurity Team at Align is currently following a new ransomware threat on the rise, known as Bad Rabbit, that has already affected several organizations in Russia, Ukraine and Eastern Europe. This latest strain of malware has been compared to the infamous WannaCry and Petya attacks that affected organizations globally earlier this year.
The worldwide Bad Rabbit ransomware outbreak started Tuesday and froze computer systems in numerous countries. Bad Rabbit starts with social engineering: compromised websites present the victim with what looks like an Adobe Flash installer. The victim is instructed to click on an update for Adobe Flash Player, while the ransomware is downloaded to their machine in the background. The malware then encrypts all of the files on the system and replaces the master boot record. Bad Rabbit then demands from its victim a payment of 0.05 bitcoin, or about $275, within 40 hours.

According to VirusTotal, many of the antivirus solutions do not yet have a signature for this malware.

While Align has not discovered any reports of this new ransomware being delivered via phishing emails, we strongly recommend that everyone be extremely diligent before clicking on attachments.

In addition to being cautious when opening email attachments, we recommend immediately taking the following actions:

  • Block the following URLs on your web proxies or gateways (remove the brackets)
    • 1dnscontrol(.)com
    • an-crimea(.)ru
    • ankerch-crimea(.)ru
    • argumenti(.)ru
    • fastmonitor1(.)net
    • caforssztxqzf2nm(.)onion
  • Block TOR traffic on your web proxies or gateways. This may be listed under the category of “Anonymizers.”
  • Block all Ad Networks categories on your web proxies or gateways.
  • Notify all email users to be extra cautious when opening email attachments, and advise them NOT to click on any popup links to update Flash.
  • Check to ensure that your backups are current, valid and secured.
  • Ensure that the latest signature of your anti-virus system is updating properly, so signatures for this malware are active as soon as they are available.
  • Make sure that your systems are patched and up to date, particularly with the Microsoft patch MS17-010.
  • Monitor your network traffic and security logs for any anomalies.
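The last two items (block the listed domains and Tor, then watch the logs) can be checked retrospectively against existing proxy logs. The following Python script is an added example and is not part of the Align advisory: it refangs the advisory's domain list, matches each proxy log entry's host against it (subdomain-aware, so `cdn.argumenti.ru` is caught while a lookalike such as `notfastmonitor1.net` is not), and separately flags any `.onion` destination as Tor traffic. The log format, the `scan_proxy_log` and `host_matches` names, and the sample log lines are all assumptions constructed for illustration.

```python
"""Added example (not from the Align advisory): scan web-proxy log lines for
requests to the domains the advisory lists, plus any Tor .onion destination.
The log format and the sample lines below are constructed for illustration."""
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators exactly as the advisory lists them, in defanged "(.)" form.
DEFANGED_INDICATORS = [
    "1dnscontrol(.)com",
    "an-crimea(.)ru",
    "ankerch-crimea(.)ru",
    "argumenti(.)ru",
    "fastmonitor1(.)net",
    "caforssztxqzf2nm(.)onion",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a real, lower-cased hostname."""
    return indicator.replace("(.)", ".").replace("[.]", ".").lower()


BLOCKED_HOSTS = {refang(i) for i in DEFANGED_INDICATORS}


def host_matches(host: str, blocked=BLOCKED_HOSTS) -> Optional[str]:
    """Return the blocked domain that `host` equals or is a subdomain of, else None.

    Uses a label boundary ("." + domain) rather than a plain substring test, so
    "notfastmonitor1.net" does not match "fastmonitor1.net".
    """
    host = host.lower().rstrip(".")
    for blocked_host in blocked:
        if host == blocked_host or host.endswith("." + blocked_host):
            return blocked_host
    return None


def extract_host(url: str) -> str:
    """Get the host from an absolute URL or from a CONNECT-style host:port target."""
    if "://" in url:
        return (urlsplit(url).hostname or "").lower()
    return url.rsplit(":", 1)[0].lower()


# Constructed proxy log format (assumption): "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(lines) -> list:
    """Flag lines whose host is a listed indicator or any Tor .onion address."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        ts, client, _method, url, _status = m.groups()
        host = extract_host(url)
        hit = host_matches(host)
        if hit:
            reason = "listed indicator " + hit
        elif host.endswith(".onion"):
            reason = "Tor hidden service (.onion)"
        else:
            continue
        findings.append({"time": ts, "client": client, "host": host, "reason": reason})
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2017-10-25T09:14:02Z 10.1.4.22 GET http://1dnscontrol.com/flash_install.php 200",
    "2017-10-25T09:14:05Z 10.1.4.22 GET http://www.example.com/index.html 200",
    "2017-10-25T09:16:40Z 10.1.7.8 GET http://cdn.argumenti.ru/static/app.js 200",
    "2017-10-25T09:17:11Z 10.1.7.8 CONNECT caforssztxqzf2nm.onion:443 200",
    "2017-10-25T09:17:30Z 10.1.9.3 CONNECT exampleonion1234.onion:443 200",
    "2017-10-25T09:18:00Z 10.1.9.3 GET http://notfastmonitor1.net/ 200",
    "garbage line without structure",
]

if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} -> {f['host']}: {f['reason']}")
```

Run against the constructed sample, the script reports the `1dnscontrol.com`, `cdn.argumenti.ru` and `caforssztxqzf2nm.onion` requests as listed indicators and the second `.onion` host as Tor traffic; the lookalike domain and the malformed line are ignored. Matching on the parsed hostname with a label boundary, rather than grepping the raw line, is what keeps both the subdomain coverage and the lookalike exclusion correct.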


If you need assistance with patching, or any other security concerns, please do not hesitate to contact Align’s Cybersecurity Team at 800-877-9980 or cyber@align.com.


Press Contact Information:

New York (Headquarters)
55 Broad Street
6th Floor
New York, NY 10004
