Bad Rabbit Ransomware Outbreak

It looks like we didn’t quite make it to the end of the year without another ransomware outbreak. This latest outbreak, called Bad Rabbit, has shut down some major agencies in Russia, Ukraine and, most recently, the US. But most importantly, ENTRUST is already on the case!

It all started Tuesday, October 24, with a fake prompt from a hacked Russian website asking users to download the latest “Adobe Flash Player.” Sounds harmless, right? Immediately upon clicking the prompt, site visitors are greeted with a message demanding bitcoins, worth about $275, to be paid within 40 hours.

Don’t let the name fool you: this rabbit is not one you want to mess with. It encrypts a computer in two key places (its files and the master boot record needed to start it up), essentially making the computer completely useless unless you have not one, but TWO codes to disable the ransomware.

The good news? Unlike previous ransomware outbreaks that took the victim’s payment and still didn’t unlock the device, this bunny seems to be true to his word and will unlock a computer given the purchased code. Not exactly a sigh of relief, but a silver lining, should someone fall into the trap.

While it’s not completely certain where the virus originated, experts say a close review of the code reveals a lot of similarities to other viruses that came from North Korea. ENTRUST has taken actions to block this ransomware, and we are continually monitoring all systems.

What can you do at home to protect your personal devices?

• Make sure your computer is fully up-to-date with operating system updates
• Make sure your computer has fully up-to-date and functioning anti-malware software (Symantec, McAfee, etc.)
• Be VERY careful about clicking on prompts or links