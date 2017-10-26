|
A new strain of ransomware called BadRabbit (Ransom.BadRabbit) began spreading recently, 24 October 2017. BadRabbit is self-propagating, and can spread across corporate networks, therefore Symantec is advising organisations to be particularly vigilant.
Key information is detailed below however you can read the full blog post here.
- BadRabbit has many similarities to the Petya. Both malware families use a similar style of ransom note and employ a self-propagating spreading mechanism. Both threats also contain a component that targets the master boot record (MBR) of an infected computer, overwriting the existing MBR.
- BadRabbit demands a ransom of 0.05 Bitcoin (approximately NZ$406.00).
- It uses tools that reduces the amount of detectable suspicious activity on an infected computer - making it harder to identify.
- The initial infection method is through drive-by downloads on compromised websites. The malware is disguised as a fake update to Adobe Flash Player.
- Most infection attempts have occurred in Russia however a small number of infection attempts have been logged in other countries.
