{Sigh} Here We Go Again: ANOTHER Nasty Ransomware Outbreak!


Well, here we go, again.  I was just about ready to wrap up my work day and head home when a tech news article caught my eye: there is a new, nasty ransomware outbreak spreading its way around the world called Bad Rabbit.  It started in Russia and the Ukraine, quickly made its way across Europe and has already started moving through systems in the United States.

It seems to be a lot like the recent Not-Petya virus, but new and improved.  Oh, Boy!  

Bad Rabbit outbreaks appear to have started as a bad drive-by download on infected Russian media websites, and early victims were reportedly infected when they clicked on links that prompted them to download an Adobe Flash Player update, which was actually the infection.  Once it infects a computer, it attempts to spread itself across a network by looking for commonly used (and default) share names and then attempts to access them using basic user names like admin, administrator and nasadmin with simple passwords like admin123, guest123, love and password.  Here are some more examples:

Like most ransomware, it encrypts your files so that they become inaccessible and unreadable, it adds the word "encrypt" to the ends of file names, and it demands a ransom (paid in Bitcoin, of course) before you get the key to unlock your files.

But that's not all...

What makes it REALLY nasty is that it also encrypts your computer's Master Boot Record (MBR).  The next time your computer reboots, it can't read the first part of the hard drive that it needs in order to load the operating system, and the virus is then free to encrypt the NTFS file system structure as well.  That is going to leave a lot of people with unusable computers if this virus spreads as quickly and as widely as WannaCry did a few months ago.

What can you do to protect yourself?  The usual things:

  • Make sure that all of your software is up to date
  • Don't visit suspicious-looking websites
  • Don't click on suspicious links or open unknown attachments
  • DO NOT agree to install any software that you get prompted for on any unknown websites
  • Make sure that you have good, complex passwords on all of your user accounts
  • Make sure that all network shares on your network are locked down to specific user account access
  • Make sure that you have good, current backups of your data
  • Do not give Administrator rights to standard user accounts on network computers
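Because the worm spreads by hammering network shares with a handful of generic account names, a burst of failed logons from one source host cycling through those names is a useful thing to watch for.  Here is a small Python detector for exactly that pattern, added as an example and not part of the original post or any vendor tool: it reads constructed, simplified failed-logon records (the line format, IP addresses, time window and thresholds are all assumptions, not real Windows event output) and flags any source that tries the account names listed above against a host within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Generic account names the post says Bad Rabbit tries against network shares.
SUSPECT_USERS = {"admin", "administrator", "nasadmin"}

# Constructed, simplified logon records (NOT real Windows event-log output):
# "<ISO timestamp> src=<source IP> user=<account> result=FAILURE|SUCCESS"
SAMPLE_LOG = """\
2017-10-24T17:02:11 src=10.0.0.25 user=admin result=FAILURE
2017-10-24T17:02:12 src=10.0.0.25 user=administrator result=FAILURE
2017-10-24T17:02:12 src=10.0.0.25 user=nasadmin result=FAILURE
2017-10-24T17:02:13 src=10.0.0.25 user=admin result=FAILURE
2017-10-24T17:02:14 src=10.0.0.25 user=administrator result=SUCCESS
2017-10-24T17:05:40 src=10.0.0.7 user=jsmith result=FAILURE
2017-10-24T17:06:02 src=10.0.0.7 user=jsmith result=SUCCESS
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(FAILURE|SUCCESS)$")

def parse(log_text):
    """Yield (timestamp, src, user, result) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3).lower(), m.group(4)

def find_spraying_hosts(log_text, window=timedelta(seconds=60), min_failures=3):
    """Return {src: sorted account names} for every source that produced at least
    min_failures failed logons with suspect account names inside one sliding window."""
    failures = defaultdict(list)            # src -> [(timestamp, user), ...]
    for ts, src, user, result in parse(log_text):
        if result == "FAILURE" and user in SUSPECT_USERS:
            failures[src].append((ts, user))
    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:   # slide window forward
                start += 1
            if end - start + 1 >= min_failures:
                flagged[src] = sorted({u for _, u in events[start:end + 1]})
                break
    return flagged

def compromised_sources(log_text, flagged):
    """Flagged sources that also logged a SUCCESS with a suspect name: a share was opened."""
    return sorted({src for _, src, user, r in parse(log_text)
                   if r == "SUCCESS" and src in flagged and user in SUSPECT_USERS})
```

On the sample data, 10.0.0.25 is flagged (it tried all three names within seconds and then got in), while the ordinary user on 10.0.0.7 who mistyped a password once is not.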

If you see the following message, well, it's already too late:

Oops! Your files have been encrypted.
If you see this text, your files are no longer accessible. You might have been looking for a way to recover your files. Don't waste your time. No one will be able to recover them without our decryption service.
We guarantee that you can recover all your files safely. All you need to do is submit the payment and get the decryption password.
Visit our web service at [redacted]

This article gives a good, deep dive into the technical details of the Bad Rabbit infection: https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/

ZDNet wrote this "less techie" overview of the infection that's a little easier to digest: http://www.zdnet.com/article/bad-rabbit-ransomware-a-new-variant-of-petya-is-spreading-warn-researchers/

We hope that this blog post might help you to avoid getting hit with this latest outbreak of ransomware, but they seem to be coming faster than ever.  If you do get infected, don't panic.  Give us a call or seek another professional IT support company's assistance with removing the infection and dealing with the damage that it has inflicted.  If you have good backups, you should be okay once your MBR has been fixed, but that means that once you shut your computer down, do not try starting it up again: that's when the real damage to the operating system occurs.  Make sure that you tell your computer repair specialist exactly what happened so that they can try recovering your MBR by booting it up from an alternate source, such as a thumb drive or DVD.

We know that this is all getting to be a little scary, so let's be careful out there.  With a little common sense and good computing habits, we'll make it through these trying times together.

         -PJ
