What we know about Bad Rabbit thus far:
- Bad Rabbit is a well-made piece of malware that uses a lot of clever tricks to spread, similar to NotPetya, which affected customers across the globe this summer.
- Bad Rabbit has been successful because it has worm-like behavior, using embedded usernames and passwords to move laterally through the network.
- Attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors, which helps explain the geographic location.
- When Bad Rabbit tries to restart your machine and encrypt data, Webroot SecureAnywhere will prompt you with a warning about unauthorized Master Boot Record alteration. Webroot also blocks the files responsible for Bad Rabbit through our BrightCloud Threat Intelligence Platform.
- Although Webroot customers are protected against Bad Rabbit, we recommend that all users maintain good cyber hygiene:
  - Limit Admin account usage to only employees who need it.
  - Don’t use easily guessable passwords.
  - Update Windows – Ransomware authors take advantage of unpatched systems.
  - Back up your data. Ransomware is crippled entirely if you have a backup copy of your data.
“From what we’ve seen so far, Bad Rabbit possesses many qualities similar to NotPetya. Initial reports find that computers across Russia, Ukraine, Bulgaria, a few surrounding Eastern-European countries, as well as Japan have been affected. Attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors which helps explain the geographic location. Bad Rabbit has been successful as it has worm-like behavior, using embedded usernames and passwords to move laterally through the network. As always, the best protection against ransomware is to use an antivirus solution, patch your systems, and back up your data.”