ALERT: Worldwide Ransomware Attack Underway

A new strain of ransomware called Bad Rabbit has hit multiple organizations in Russia, Ukraine, Europe and now the United States. Bad Rabbit is a variant of the NotPetya ransomware.

The attack froze computer systems in several European countries prompting the U.S. Department of Homeland Security to issue an alert.

Security firm KnowBe4 says that the outbreak appears to have originated using hacked files on Russian media sites masquerading as Adobe Flash installers.

Unlike its predecessor, Bad Rabbit encrypted files are recoverable after purchasing the key from cyber-criminals for .05 bitcoin or $275 USD. However, you need to purchase two decryption keys: one to unlock the bootloader (since it replaced the MBR) and one to unlock the files themselves.

So, as it appears now, the ransomware is spread via infected sites with popups requesting you to update Adobe Flash Player. Once the user clicks “install” the attack begins.

Keep in mind that the bad guys are ever evolving. New attack surfaces will be used as older ones become less effective.

Beware of links and attachments in emails. The links will undoubtedly take you to an infected site, and at some point, cyber-extortionists will embed the ransomware in an infected attachment.

Financial personnel need to be keenly aware as many times accounts payable and receivable personnel are specifically targeted and used as entries into business systems.

 

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 250+ Petabytes of data with over 800 employees around the globe. Call (845) 362-9675 and lets discuss your specific needs.