Another Global Ransomware attack was named in the news on Tuesday evening – Bad Rabbit. This is similar to the Petya and Wannacry outbreaks earlier this year.
This particular ransomware does require the user to download a malicious file to infect their machine. In this case the user will be asked to download a file named install_flash_player.exe
Please remain vigilant and if you have any concerns please contact your service desk immediately.
General advice and guidance
YOU SHOULD IMMEDIATELY SHUT DOWN YOUR PC, REMOVE NETWORK CABLE AND CALL YOUR SERVICE DESK NUMBER IF:
- You think you may have inadvertently opened a malicious email, or clicked a suspicious link/attachment.
- You think you may have clicked a suspicious webpage link or advert which didn’t take you to the desired page.
- You receive any unusual pop-up alerts stating you have a virus or suchlike on your PC.
- You find you are unable to open any of your documents which you have previously had access to.
An official statement from the National Cyber Security Centre
A spokesperson for the National Cyber Security Centre said:
“We are aware of a cyber incident affecting a number of countries around the world.”
“The NCSC has not received any reports that the UK has been affected by this latest malware attack. We are monitoring the situation and working with our partners to better understand the threat.”
Advice from Sophos’ Naked Security
Here are some general tips to raise your defences against this sort of outbreak:
- Ditch Flash altogether. Fake flash installers and updates only work as a social engineering tactic if you use or want Flash. By removing Flash entirely you not only protect yourself from Flash zero-day holes, but also eliminate the temptation to download fake updates.
- Patch promptly. Outbreaks such as NotPetya and WannaCry exploited a vulnerability for which patches were already available. Don’t lag behind once patches are available for known security holes – the crooks will be only too happy to take advantage.
- Remember your backups. Make them regularly, and keep a recent backup both offline and offsite, so you can access it even if your workplace ends up off limits due to fire, flood or some other cause not related to malware.
- Don’t make users into administrators. When you want to perform administrative tasks, promote yourself to an administrator account, and relinquish those privileges as soon as you can. Network-aware malware like Bad Rabbit can spread without even needing to guess passwords if you already have administrator-level access to other computers on the network.
McAfee
McAfee is currently investigating a ransomware campaign known as Bad Rabbit, which initially infected targets in Russia and the Ukraine. They are also investigating reports of infected systems in Germany, Turkey, and Bulgaria and will provide updates as more information becomes available.
This post was researched and written by Christiaan Beek, Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani.
