  1.    3 Weeks Ago #1
    Join Date : Oct 2013
    Posts : 25,232
    64-bit Windows 10 Pro build 17040

    Bad Rabbit ransomware: A new variant of Petya is spreading


    Bad Rabbit, a ransomware infection thought to be a new variant of Petya, has apparently hit a number of organisations in Russia and Ukraine.

    In a tweet, Russian cybersecurity firm Group-IB said that at least three media organisations in the country have been hit by file-encrypting malware.

    At the same time, Russian news agency Interfax said its systems have been affected by a "hacker attack".

    "Interfax Group's servers have come under a hacker attack. The technical department is taking all measures to resume news services. We apologize for inconvenience," Interfax said in a statement.


    Read more: Bad Rabbit ransomware: A new variant of Petya is spreading, warn researchers | ZDNet
  2.    3 Weeks Ago #2
    Join Date : Mar 2017
    Posts : 5,802
    64-bit Windows 10 Pro

    Thanks for the Heads Up Shawn
  3.    3 Weeks Ago #3
    Join Date : Jun 2014
    USA
    Posts : 1,577
    Windows 10 Pro x64

    Hmmm.... we get a hacked in executive, they get a locked out media. Hardly seems fair.
  4.    3 Weeks Ago #4
    Join Date : Sep 2016
    Posts : 5
    win10 64x home retail

    Hi, maybe a stupid question, but let's say I have 3 HDs in my computer, will it encrypt all HDs or just the C:/ one? And in my Kodi network I also have some HDs connected, will they be affected too?
  5.    3 Weeks Ago #5
    Join Date : Oct 2014
    Posts : 1,438
    win 10 Insider

    Most of these ransomware attacks go for every disk on the network.
  6.    3 Weeks Ago #6
    Join Date : Oct 2014
    Trnava
    Posts : 2,865
    Windows 10.4 Home 1709 x64

    This ransomware is really original, it pretends to be a flash installer, but it still works, so whatever.

    Avoiding this one is a child's game for any administrator/user.

    1. Use SUA or UAC with a password, doh.

    2. Enable ValidateAdminCodeSignatures.


    The dropper is signed with two invalid digital certificates. The downloaded file named install_flash_player.exe needs to be manually launched by the victim. To operate correctly, it needs elevated administrative privileges which it attempts to obtain using the standard UAC prompt. If started, it will save the malicious DLL as C:\Windows\infpub.dat and launch it using rundll32.
    Bad Rabbit ransomware - Securelist

    Bad Rabbit Ransomware Outbreak in Russia and Ukraine | Anomali
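    The two tips in the post above map to UAC policy values in the registry; ValidateAdminCodeSignatures is the policy "User Account Control: Only elevate executables that are signed and validated". The read-only audit below is an added example, not part of the original post; the function names and the baseline values it compares against are this example's own choices.

```powershell
# Added example: read-only audit of the UAC settings named in the post above.
function Get-UacPolicyAudit {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    # Baseline chosen for this example to match the two tips:
    #   EnableLUA = 1                        UAC is on
    #   ConsentPromptBehaviorAdmin = 1 or 3  admins must type credentials to elevate
    #   ValidateAdminCodeSignatures = 1      only signed and validated executables may elevate
    $baseline = [ordered]@{
        EnableLUA                   = @(1)
        ConsentPromptBehaviorAdmin  = @(1, 3)
        ValidateAdminCodeSignatures = @(1)
    }
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $baseline.Keys) {
        # A missing value means the policy was never configured on this machine.
        $prop  = if ($props) { $props.PSObject.Properties[$name] } else { $null }
        $value = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Current  = if ($null -eq $value) { '(not set)' } else { $value }
            Expected = $baseline[$name] -join ' or '
            Ok       = ($null -ne $value) -and ($baseline[$name] -contains $value)
        }
    }
}

# "SUA": is the logged-on account in BUILTIN\Administrators (SID S-1-5-32-544)?
# whoami lists the group even when UAC has filtered it to deny-only.
function Test-AccountIsAdministrator {
    [bool]((whoami /groups /fo csv /nh) -match 'S-1-5-32-544')
}

Get-UacPolicyAudit | Format-Table -AutoSize
if (Test-AccountIsAdministrator) {
    Write-Warning 'Logged-on account is an administrator; the SUA tip is not in effect.'
}
```

    With ValidateAdminCodeSignatures set to 1, any unsigned installer that requests elevation is refused as well, so check which installers are in use before enabling it.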
  7.    3 Weeks Ago #7
    Join Date : Dec 2015
    Posts : 5,938
    Windows10

    Of course guys, make regular image backups, and store offline.
  8.    3 Weeks Ago #8
    Join Date : Jul 2015
    Posts : 1,596
    Windows 10 Pro (64 bit)

    Originally posted by copyer:
    Hi, maybe a stupid question, but let's say I have 3 HDs in my computer, will it encrypt all HDs or just the C:/ one? And in my Kodi network I also have some HDs connected, will they be affected too?

    So this would even go for the standalone NAS drives in my network? I've got three, thinking my pics / docs etc. are pretty safe being backed up/mirrored in triplicate (I don't really like cloud services). Guess I should disconnect one from the network.

    Presumably if our Windows is up to date and Defender is on with the latest definitions we are protected?
  9.    3 Weeks Ago #9
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 16,956
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition

    Bad Rabbit: Ten things you need to know about the latest ransomware outbreak | ZDNet

    A number of security vendors say their products protect against Bad Rabbit. But for those who want to be sure they don't potentially fall victim to the attack, Kaspersky Lab says users can block the execution of file 'c:\windows\infpub.dat, C:\Windows\cscc.dat.' in order to prevent infection.
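    The quoted advice names the two paths but not a mechanism. One way to keep anything at those paths from being written or run is to pre-create empty placeholder files and strip every permission from them; the script below is an added example, not from the article or the post, and the placeholder approach and the function name are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-create locked placeholder files at the two paths quoted above.
function Set-BlockedPlaceholder {
    param(
        [string[]]$Path = @("$env:windir\infpub.dat", "$env:windir\cscc.dat")
    )
    foreach ($p in $Path) {
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($item -and $item.Length -gt 0) {
            # A non-empty file here was not created by this script: leave it for analysis.
            [pscustomobject]@{ Path = $p; Status = 'EXISTS-NONEMPTY: investigate' }
            continue
        }
        if (-not $item) {
            New-Item -ItemType File -Path $p | Out-Null
        }
        # /inheritance:r strips the inherited ACEs. A file freshly created in the
        # Windows directory has no explicit ACEs, so its DACL ends up empty and
        # access checks deny read, write and execute to every account
        # (the owner can still reset the ACL).
        icacls.exe $p /inheritance:r | Out-Null
        $status = if ($LASTEXITCODE -eq 0) { 'LOCKED' } else { "icacls failed ($LASTEXITCODE)" }
        [pscustomobject]@{ Path = $p; Status = $status }
    }
}

Set-BlockedPlaceholder | Format-Table -AutoSize
```

    To undo, run `icacls <path> /reset` from an elevated prompt and delete the placeholder.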
  10.    3 Weeks Ago #10
    Join Date : Jun 2015
    UK
    Posts : 2,096
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    Originally posted by TairikuOkami:
    This ransomware is really original, it pretends to be a flash installer, but it still works, so whatever.

    Avoiding this one is a child's game for any administrator/user.

    1. Use SUA or UAC with a password, doh.

    2. Enable ValidateAdminCodeSignatures.



    Bad Rabbit ransomware - Securelist

    Bad Rabbit Ransomware Outbreak in Russia and Ukraine | Anomali
    What's the significance of Enable ValidateAdminCodeSignatures and does using it create other installation issues?