Not Petya Strikes Back as Bad Rabbit Ransomware

October 30, 2017
ransomware, Malware removal

Fake News? What’s Worse Is Ransomware That Ruins Your Day.

People whose job is to gather information or do general research on current events may already have been victims of fake news sites. Believing false information can harm you intellectually and socially. What worse could happen next? Even assuming people have already learned to tell real news from fake, danger could still lie ahead. How?

Current Ransomware Trend

Ransomware has been one of the most annoying malware attacks in both corporate and individual environments, because it specifically asks you for a ransom to unlock your computer. Even if you find a way to unlock the computer yourself, the files remain encrypted, unless you were cautious enough to back up important files and documents, in which case the encrypted copies matter much less.

The trending ransomware is called “Bad Rabbit” and has reportedly been causing infections since October 24, 2017. It is reportedly a modified version of the NotPetya worm, which also caused havoc and shut down computers during the second quarter of the year. It looks cute, but in reality it is nasty! Check this image for reference:


How does it work?

Let’s all take note that this ransomware is a combination of different ransomware tools and algorithms, with NotPetya as its basis and some techniques borrowed from the WannaCry ransomware.

Firstly, the infection was reportedly spread through a couple of news sites that had been compromised so that they pushed a fake Flash installer to visitors.

Once a user comes across an infected site, he or she is asked to update Flash Player. If the user agrees, a file named install_flash_player.exe (MD5 hash FBBDC39AF1139AEBBA4DA004475E8839) is downloaded and infects the host. It then alters the computer’s security settings and admin privileges to spread the malware through the network.
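As an added example (not code from the original post), here is a small Python sweep that a defender could run over a downloads folder or file share: it flags any file whose MD5 matches the hash reported above and, as a weaker signal, any file carrying the install_flash_player.exe lure name even when its hash is unknown. The `extra_hashes` parameter and the sample inputs are assumptions for illustration.

```python
import hashlib
import os
from pathlib import Path

# MD5 of the fake Flash installer reported in the post (the only indicator the page gives).
BAD_RABBIT_DROPPER_MD5 = {"fbbdc39af1139aebba4da004475e8839"}

# Filenames the post associates with the lure; a rebuilt dropper would not share the
# MD5 above, so a name match is still worth a closer look (lower confidence than a hash hit).
SUSPICIOUS_NAMES = {"install_flash_player.exe"}


def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file through MD5 so large downloads are not loaded into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_for_iocs(root, extra_hashes=frozenset(), names=SUSPICIOUS_NAMES):
    """Walk `root` and return (path, reason) pairs for files that match a known hash
    or carry a lure filename. `extra_hashes` (assumed helper parameter) lets an analyst
    add indicators from other sources without editing the built-in set."""
    known = {h.lower() for h in BAD_RABBIT_DROPPER_MD5 | set(extra_hashes)}
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                digest = md5_of_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole sweep
            if digest in known:
                findings.append((str(path), f"hash match {digest}"))
            elif name.lower() in names:
                findings.append((str(path), "lure filename, unknown hash"))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python sweep.py <directory>; defaults to the current directory.
    for path, reason in scan_for_iocs(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {path}")
```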

Here is an image of a ransom note:



As you can see in the image, an onion site is involved; cyber criminals usually take their business there for anonymity.

Who were hit the hardest?

The malware spread in Russia and then to Ukraine. In Ukraine, ESET reported that the metro system in the capital and the main airport in Odessa had been infected by the ransomware.

For now, any ransomware infection of this kind can be prevented by being vigilant about every file that is about to be downloaded; one must be careful before clicking the agree button on any visited site, no matter how often it is visited.

Always back up important documents to a separate device that is not connected to the local network.

The ransomware steals credentials and passwords too. Soon enough, a more formidable ransomware that takes even more information could damage your brand significantly rather than simply demanding a ransom from you.
