Scam of the Week – BadRabbit

November 3, 2017 1:58 pm Paul Mullin

Global business has been a prime target for hackers this year, with NotPetya and WannaCry just two of the cyber-attacks that have caused havoc and major financial distress to both public and private sector enterprises.

The most recent of these attacks threatening to destabilise global businesses is known as ‘Bad Rabbit’. It poses as an Adobe update or Flash installer and locks computers with a digital key. It then threatens the complete shutdown of company files unless cryptocurrency is paid.

The Bad Rabbit ransomware spreads through “drive-by attacks” where insecure websites are compromised. “While the target is visiting a legitimate website, a malware dropper is being downloaded from the threat actor’s infrastructure,” according to analysis by Kaspersky Lab.

In this instance, the malware is disguised as an Adobe Flash installer. When the innocent-looking file is opened, it starts locking the infected computer. The Flash download has been installed in websites using JavaScript and is injected into the HTML or Java files of the affected websites. However, the malware isn’t installed automatically and must be clicked on if it is to work.

Bad Rabbit encrypts the contents of a computer and asks for a payment – in this case 0.05 bitcoins, or about $280 (£213). It’s the latest in a year filled with high-profile ransomware attacks, so much so that there are reports of legal firms adopting Bitcoin wallets, filled and ready to pay the ransom as a last resort.

Unlike NotPetya and WannaCry, it is believed that Bad Rabbit originated from a less sophisticated source. However, that doesn’t mean it isn’t dangerous. It has affected the likes of the US, Russia, Japan and Germany.