Webroot customers are protected from the Bad Rabbit malware that is affecting computers across Russia, Ukraine, Bulgaria, a few surrounding Eastern-European countries, as well as Japan.

 



 

What we know about Bad Rabbit thus far:


  • Bad Rabbit is a well-made piece of malware that uses a lot of clever tricks to spread, similar to NotPetya, which affected customers across the globe this summer.
  • Bad Rabbit has been successful as it has worm-like behavior, using embedded usernames and passwords to move laterally through the network.
  • Attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors, which helps explain the geographic location.
  • When Bad Rabbit tries to restart your machine and encrypt data, Webroot SecureAnywhere will prompt you with a warning about unauthorized Master Boot Record alteration. Webroot also blocks the files responsible for Bad Rabbit through our BrightCloud Threat Intelligence Platform.
 


  • Although Webroot customers are protected against Bad Rabbit, we recommend that all users maintain good cyber hygiene:
    • Limit Admin account usage to only employees who need it.
    • Don’t use easily guessable passwords.
    • Update Windows – Ransomware authors take advantage of unpatched systems.
    • Backup your data. Ransomware is crippled entirely if you have a backup copy of your data.
We talked this morning with Eric Klonowski, Senior Advanced Threat Research Analyst, who had this to say:

 

“From what we’ve seen so far, Bad Rabbit possesses many qualities similar to NotPetya. Initial reports find that computers across Russia, Ukraine, Bulgaria, a few surrounding Eastern-European countries, as well as Japan have been affected. Attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors which helps explain the geographic location. Bad Rabbit has been successful as it has worm-like behavior, using embedded usernames and passwords to move laterally through the network. As always, the best protection against ransomware is to use an antivirus solution, patch your systems, and back up your data.”

Via the Webroot console's agent commands > advanced > run a DOS command

run, in order, these:

copy nul> c:\windows\infpub.dat

copy nul> c:\windows\cscc.dat

attrib c:\windows\infpub.dat +R

attrib c:\windows\cscc.dat +R



and the system will also be inoculated against the Bad Rabbit malware.

If your console is set to 15-minute updates - all the systems will be protected quickly.

Patched 100 systems for one client in under 30 minutes.

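
To confirm that the two marker files from the commands above actually landed on an endpoint and are read-only, an audit like the following can be run there. This is an added PowerShell example, not part of the original post or of Webroot's tooling; the function name, its parameters and the 256-byte size threshold are assumptions made for illustration.

```powershell
# Added example: audit the two marker files created by the commands in the post.
# Function name, parameters and the size threshold are assumptions for illustration.
function Test-BadRabbitMarker {
    [CmdletBinding()]
    param(
        # Directory holding the markers; defaults to the local Windows directory.
        [string]$WindowsDir = $env:windir,
        # Assumption: a marker made with "copy nul>" is empty or a few bytes long.
        # A larger file at that path was not created by those commands.
        [int]$MaxMarkerBytes = 256
    )
    foreach ($name in 'infpub.dat', 'cscc.dat') {
        $path = Join-Path -Path $WindowsDir -ChildPath $name
        # -Force so hidden or system files are still found.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $status = 'Missing'          # commands never ran or failed
        } elseif ($item.PSIsContainer) {
            $status = 'NotAFile'         # a directory with that name
        } elseif ($item.Length -gt $MaxMarkerBytes) {
            $status = 'UnexpectedSize'   # not the marker; examine the file
        } elseif (-not $item.IsReadOnly) {
            $status = 'NotReadOnly'      # attrib +R step was skipped
        } else {
            $status = 'Inoculated'
        }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Path     = $path
            Status   = $status
            Bytes    = if ($item -and -not $item.PSIsContainer) { $item.Length } else { $null }
        }
    }
}

# List every marker that is not in the expected state.
# No output means both files exist, are small, and are read-only.
Test-BadRabbitMarker | Where-Object Status -ne 'Inoculated' | Format-Table -AutoSize
```

An `UnexpectedSize` result means the file at that path is not the small marker the commands create and should be looked at before the machine is counted as inoculated.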