Bad Rabbit Ransomware – What is it and how to stay safe


Trend Micro is tracking multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. We want to assure you that the latest version of Trend Micro Security provides effective protection against this ransomware attack.

 

What is BadRabbit and how does it work?

BadRabbit spreads via fake Adobe Flash updates, tricking users into clicking the malware by falsely alerting the user that their Flash player requires an update. BadRabbit incorporates the use of Mimikatz to extract credentials (an open source tool that has been used in previous attacks) to extract common hard-coded credentials such as Admin, Guest, User, root, etc. There is also evidence that BadRabbit ransomware is using a legitimate tool — DiskCryptor — to encrypt the victim’s data.

Once the victim’s PC is infected and their data encrypted, BadRabbit reboots the system and the following message is displayed after reboot:

 

Based on our initial analysis, Bad Rabbit spreads to other computers by dropping copies of itself over the network.

Trend Micro Security customers can take to ensure  they’re protected from BadRabbit:

1. Make sure you are using the latest version of Trend Micro Security. You can check here if you already have the latest version or follow instructions here to upgrade Trend Micro Security to the latest version. Upgrades to the latest version of Trend Micro Security are free.

Read: How Can Trend Micro Security protect me from Ransomware?

2. Make sure your Trend Micro Security has the latest Security and Program updates. You can check here to manually update your Trend Micro Security.