Bad Rabbit, The New Ransomware Threat. Can You Catch It?

27/10/2017 08:54:53
 
OVERVIEW
On 24 October 2017, a new ransomware codenamed “Bad Rabbit” was discovered and is now rapidly spreading across countries such as Russia, Ukraine and Germany. Bad Rabbit infects a network when one person inadvertently runs a fake Adobe Flash Player installer that has been manipulated to look like the real thing.
MALWARE INFECTION PROCESS
Bearing similarities to the WannaCry and Petya ransomware, Bad Rabbit encrypts Windows, video and audio files. Through hacked websites, it prompts the user with a fake Adobe Flash update and asks them to install it. Two encrypted files named “infpub.dat” and “dispci.exe” are then installed and lock the documents on the system. (A screenshot of the infected machine's ransom screen appeared here.)
After infecting one machine on a network (one computer in an office, for example), Bad Rabbit can find any login details stored on that machine and uses them to spread to other machines. The malware locks users out and demands a ransom.

The file extensions targeted for encryption are:
.3ds .7z .accdb .ai .asm .asp .aspx .avhd .back .bak .bmp .brw .c .cab .cc .cer .cfg .conf .cpp .crt .cs .ctl .cxx .dbf .der .dib .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .hpp .hxx .iso .java .jfif .jpe .jpeg .jpg .js .kdbx .key .mail .mdb .msg .nrg .odc .odf .odg .odi .odm .odp .ods .odt .ora .ost .ova .ovf .p12 .p7b .p7c .pdf .pem .pfx .php .pmf .png .ppt .pptx .ps1 .pst .pvi .py .pyc .pyw .qcow .qcow2 .rar .rb .rtf .scm .sln .sql .tar .tib .tif .tiff .vb .vbox .vbs .vcb .vdi .vfd .vhd .vhdx .vmc .vmdk .vmsd .vmtm .vmx .vsdx .vsv .work .xls .xlsx .xml .xvd .zip
Infected users will also find a “Readme.txt” file in the system root folder, containing instructions on how to pay the ransom.
WHAT CAN I DO?
1. To prevent the malware from spreading across the network, disable the WMI service.
2. Block TCP ports 135, 139 and 445; you may find the method here.
3. Use stronger passwords on PCs in the intranet. A mix of capital letters, numbers and symbols is recommended.
4. Make sure your anti-virus software is up-to-date.
5. Sangfor NGAF users do not have to worry; please make sure to update your NGAF database as soon as possible. Our database has already been updated and includes new rules to protect users against this new threat.
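The following PowerShell script is an added example, not Sangfor code or tooling from the original newsletter. It audits a single Windows host against steps 1 to 4 above and also checks for the dropped files and ransom note named in the infection section. It only reports; it changes nothing. Assumptions: it is run from an elevated PowerShell 5.1 or later prompt, Windows Defender is the installed anti-virus (so `Get-MpComputerStatus` is available), the dropped files are looked for under `$env:SystemRoot` (the newsletter does not state their location), and a minimum password length of 12 is used as the baseline for "higher security password".

```powershell
# Added example (not Sangfor code): read-only audit of one Windows host against the
# hardening steps above, plus a check for the artefacts named in the newsletter.
# Assumptions: elevated PowerShell 5.1+, Windows Defender as AV, dropped files under
# $env:SystemRoot (location assumed), password baseline of 12 characters (assumed).

$findings = New-Object System.Collections.Generic.List[string]

# 1. WMI service (winmgmt): the newsletter recommends disabling it.
$wmi = Get-Service -Name winmgmt -ErrorAction SilentlyContinue
if ($wmi -and $wmi.Status -eq 'Running') {
    $findings.Add("WMI service (winmgmt) is running; start type: $($wmi.StartType)")
}

# 2. TCP 135/139/445: the host firewall must be on, and each port needs an
#    enabled inbound Block rule whose port filter covers it.
$offProfiles = Get-NetFirewallProfile | Where-Object { -not $_.Enabled }
foreach ($p in $offProfiles) {
    $findings.Add("Firewall profile '$($p.Name)' is disabled")
}
foreach ($port in 135, 139, 445) {
    $blockRule = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and ($_.LocalPort -contains "$port") }
    if (-not $blockRule) {
        $findings.Add("No enabled inbound block rule for TCP $port")
    }
}

# 3. Local password policy: read the minimum length from 'net accounts'.
$minLenLine = net accounts | Select-String 'Minimum password length'
$minLen = "$minLenLine" -replace '.*:\s*', ''
if ($minLen -match '^\d+$' -and [int]$minLen -lt 12) {
    $findings.Add("Minimum password length is $minLen (assumed baseline: 12)")
}

# 4. Anti-virus signature age (Windows Defender only; other products need their own check).
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp) {
    $age = (Get-Date) - $mp.AntivirusSignatureLastUpdated
    if ($age.TotalDays -gt 1) {
        $findings.Add("Defender signatures last updated $([int]$age.TotalDays) day(s) ago")
    }
} else {
    $findings.Add("Windows Defender status unavailable; check your AV signature date manually")
}

# 5. Artefacts the newsletter names: the two dropped files (location assumed to be
#    the Windows directory) and the Readme.txt ransom note in the system root.
foreach ($name in 'infpub.dat', 'dispci.exe') {
    $path = Join-Path $env:SystemRoot $name
    if (Test-Path $path) { $findings.Add("Dropped file present: $path") }
}
$note = Join-Path $env:SystemDrive 'Readme.txt'
if (Test-Path $note) { $findings.Add("Ransom note present: $note (inspect before touching)") }

if ($findings.Count -eq 0) {
    Write-Host 'No findings: host matches the recommended state.'
} else {
    Write-Host "$($findings.Count) finding(s):"
    $findings | ForEach-Object { Write-Host " - $_" }
}
```

Run it on one workstation first and compare the findings against your own baseline: the WMI and port checks only confirm that the host has been configured as the newsletter suggests, so a finding there is a reminder, not a compromise indicator, whereas a hit in the artefact check is a reason to isolate the machine and start incident handling rather than to clean it up by hand.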
HOW CAN SANGFOR NGAF HELP YOU?
Below are the main tools integrated in Sangfor NGAF that can help prevent your organization from being affected by ransomware.

SANGFOR NGAF is the world's first fully integrated NGFW (Next Generation Firewall) + WAF (Web Application Firewall). It provides comprehensive network security protection against current, emerging and future threats.

Anti-Phishing: Sends out alerts on suspicious emails that could bring in ransomware.

Anti-Virus: Clears out known ransomware using over one million signatures in the SANGFOR database.

Sandboxing: Detects and blocks new and emerging ransomware through cloud-based threat analysis.

Anti-Malware: Damage remediation - keeps ransomware from spreading via the corporate network and can even block the encryption process.
Threats are continuously emerging and evolving. Make sure that your organization is safe by requesting a FREE security assessment of your network.
COPYRIGHT © 2000-2017 SANGFOR TECHNOLOGIES INC. ALL RIGHTS RESERVED.