Bad Rabbit ransomware: A new variant of Petya is spreading



    Posted: 24 Oct 2017

    Bad Rabbit, a ransomware infection thought to be a new variant of Petya, has apparently hit a number of organisations in Russia and Ukraine.

    In a tweet, Russian cybersecurity firm Group-IB said that at least three media organisations in the country have been hit by file-encrypting malware.

    At the same time, Russian news agency Interfax said its systems have been affected by a "hacker attack".

    "Interfax Group's servers have come under a hacker attack. The technical department is taking all measures to resume news services. We apologize for inconvenience," Interfax said in a statement.


    Read more: Bad Rabbit ransomware: A new variant of Petya is spreading, warn researchers | ZDNet
    Posted By: Brink


  1. Posts : 26,450
    Windows 11 Pro 22631.3527
       #1

    Thanks for the Heads Up Shawn
      My Computer


  2. Posts : 5,899
    Win 11 Pro (x64) 22H2
       #2

    Hmmm.... we get a hacked in executive, they get a locked out media. Hardly seems fair.
      My Computers


  3. Posts : 26
    win10 64x home retail
       #3

    Hi, maybe a stupid question, but let's say I have 3 HDs in my computer, will it encrypt all HDs or just the C:/ one? And in my Kodi network I also have some HDs connected, will they be affected too?
      My Computer


  4. Posts : 1,937
    win 10 Insider
       #4

    Most of these ransomware attacks go for every disk on the network.
      My Computers


  5. Posts : 5,452
    Windows 11 Home
       #5

    This ransomware is really original, it pretends to be a flash installer, but it still works, so whatever.

    Avoiding this one is a child's game for any administrator/user.

    1. Use SUA or UAC with a password, doh.

    2. Enable ValidateAdminCodeSignatures.


    The dropper is signed with two invalid digital certificates. The downloaded file named install_flash_player.exe needs to be manually launched by the victim. To operate correctly, it needs elevated administrative privileges which it attempts to obtain using the standard UAC prompt. If started, it will save the malicious DLL as C:\Windows\infpub.dat and launch it using rundll32.
    Bad Rabbit ransomware - Securelist

    Bad Rabbit Ransomware Outbreak in Russia and Ukraine | Anomali
      My Computer


  6. Posts : 15,485
    Windows10
       #6

    Of course guys, make regular image backups, and store offline.
      My Computer


  7. Posts : 2,297
    Windows 10 Pro (64 bit)
       #7

    copyer said:
    Hi, maybe a stupid question, but let's say I have 3 HDs in my computer, will it encrypt all HDs or just the C:/ one? And in my Kodi network I also have some HDs connected, will they be affected too?
    So this would even go for the standalone NAS drives in my network? I've got three, thinking my pics / docs etc. are pretty safe being backed up/mirrored in triplicate (I don't really like cloud services). Guess I should disconnect one from the network.

    Presumably if our Windows is up to date and Defender is on with the latest definitions we are protected?
      My Computer


  8. Posts : 39,956
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       #8

    Bad Rabbit: Ten things you need to know about the latest ransomware outbreak

    Bad Rabbit: Ten things you need to know about the latest ransomware outbreak | ZDNet

    A number of security vendors say their products protect against Bad Rabbit. But for those who want to be sure they don't potentially fall victim to the attack, Kaspersky Lab says users can block the execution of file 'c:\windows\infpub.dat, C:\Windows\cscc.dat.' in order to prevent infection.
      My Computer
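
A read-only PowerShell check for the two UAC recommendations in post #5 and the file paths named in posts #5 and #8, added here as an example and not code from any poster or vendor. The registry value names are the standard UAC policy values under `Policies\System`; the "Want" values are this example's assumption of a hardened baseline, and the paths assume Windows lives in `%windir%`.

```powershell
# Added example (not from the thread): reads settings only, changes nothing.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# "Want" lists are this example's assumed baseline, following post #5:
#   ConsentPromptBehaviorAdmin 1 or 3 = prompt for credentials ("UAC with a password")
#   ValidateAdminCodeSignatures 1     = only signed and validated executables may elevate
$checks = @(
    @{ Name = 'EnableLUA';                   Want = @(1);    Meaning = 'UAC is switched on' }
    @{ Name = 'ConsentPromptBehaviorAdmin';  Want = @(1, 3); Meaning = 'admins must type credentials to elevate' }
    @{ Name = 'ValidateAdminCodeSignatures'; Want = @(1);    Meaning = 'only signed and validated executables may elevate' }
)

$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

$uacReport = foreach ($c in $checks) {
    # A value that is absent from the key is reported as not set, never as OK.
    $value = if ($policy) { $policy.($c.Name) } else { $null }
    [pscustomobject]@{
        Setting = $c.Name
        Value   = if ($null -eq $value) { '(not set)' } else { $value }
        OK      = ($null -ne $value) -and ($c.Want -contains $value)
        Meaning = $c.Meaning
    }
}

# File names come from the Securelist and Kaspersky quotes in posts #5 and #8.
$fileReport = foreach ($name in 'infpub.dat', 'cscc.dat') {
    $path = Join-Path $env:windir $name
    # -Force so hidden or system files are still found.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path    = $path
        Present = [bool]$item
        Size    = if ($item) { $item.Length } else { $null }
        Created = if ($item) { $item.CreationTime } else { $null }
    }
}

$uacReport  | Format-Table -AutoSize
$fileReport | Format-Table -AutoSize
```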


  9. Posts : 7,904
    Windows 11 Pro 64 bit
       #9

    TairikuOkami said:
    This ransomware is really original, it pretends to be a flash installer, but it still works, so whatever.

    Avoiding this one is a child's game for any administrator/user.

    1. Use SUA or UAC with a password, doh.

    2. Enable ValidateAdminCodeSignatures.



    Bad Rabbit ransomware - Securelist

    Bad Rabbit Ransomware Outbreak in Russia and Ukraine | Anomali
    What's the significance of Enable ValidateAdminCodeSignatures and does using it create other installation issues?
      My Computers


 
