If you’ve seen websites that show you a download link for Adobe Flash Player, then don’t click it! A new ransomware under the name of ‘Bad Rabbit’ appeared on 24 October in Russia and East Europe. It has infected a lot of websites, where it poses as an Adobe Flash Player available for download.
The Ransomware asked for 0.05 Bitcoin from Users in Exchange for Their Encrypted Files
A blog post written by Talos, a threat intelligence team from Cisco, explained what happened to those who visited the infected websites. Users who landed on hacked websites were redirected to ‘1dnscontrol[.]com’, which hosted the malicious file. Victims had to pay about $285 in Bitcoin (0.05 bitcoin) to get back their encrypted files.
The problem with this worm is that once a computer on a network gets infected, it spreads through the complete organization without detection. The worm has been detected in a lot of countries, but it is concentrated in Russia and Ukraine, on media websites.
However, defending against this malware is easy if users have good antivirus software. Even Windows Defender does the job and stops Bad Rabbit when it detects it.
Immunity Against Malware on Your PC
There is also a way to vaccinate your PC against the malware: create the files ‘c:\windows\infpub.dat’ and ‘c:\windows\cscc.dat’ and remove all permissions from them. The advice was suggested by a malware researcher, Amit Serper, and it should work (we didn’t try to get Bad Rabbit on our PC). It apparently has no negative effect on Windows 10, so it wouldn’t hurt to have it.
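One way to script the file creation and permission removal described above, as an added example that is not from the researcher or from Talos. It assumes an elevated PowerShell session; the function name `Set-BadRabbitMarker` and the use of `icacls.exe` are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: create the two marker files named in the article and
# strip every permission from them, then confirm the result.
$markers = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

function Set-BadRabbitMarker {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (Test-Path -LiteralPath $Path) {
        $item = Get-Item -LiteralPath $Path -Force
        if ($item.Length -gt 0) {
            # A non-empty file at this path was not made by this script.
            # Leave it untouched so it can be examined.
            return [pscustomobject]@{ Path = $Path; Status = 'Skipped: existing non-empty file' }
        }
    }
    else {
        New-Item -ItemType File -Path $Path | Out-Null
    }

    # Drop explicit entries first, then drop the inherited ones.
    # The outcome is an empty access list: nobody is granted access.
    & icacls.exe $Path /reset | Out-Null
    if ($LASTEXITCODE -ne 0) {
        return [pscustomobject]@{ Path = $Path; Status = 'Failed: icacls /reset' }
    }
    & icacls.exe $Path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) {
        return [pscustomobject]@{ Path = $Path; Status = 'Failed: icacls /inheritance:r' }
    }

    # Verify: the owner can still read the security descriptor.
    $aceCount = @((Get-Acl -LiteralPath $Path).Access).Count
    $status = if ($aceCount -eq 0) { 'Protected: no permissions remain' }
              else { "Check manually: $aceCount access entries remain" }
    [pscustomobject]@{ Path = $Path; Status = $status }
}

$markers | ForEach-Object { Set-BadRabbitMarker -Path $_ } | Format-Table -AutoSize
```

To undo it, run `icacls <file> /reset` from an elevated prompt and delete the file.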
The Malware Has Been Contained
Two days later, the ransomware has been slowed and probably stopped, with reports from Symantec showing that the infections happened in two hours on 24 October and the next day. By now, security firms have taken control of the hacked websites and taken them offline.