BadRabbit Sends Software Down the Rabbit Hole
A ransomware family called BadRabbit has hit 200 targets across the world, striking Russia, Turkey, Ukraine, Bulgaria and the United States. It is believed that BadRabbit has been preparing for this attack since July 2017.
While there has been speculation about BadRabbit’s ties to Petya/NotPetya, it does not use a known exploit; instead, it operates through watering hole attacks that spread fake Flash update notifications on websites.
US-CERT discourages victims from paying the malware’s ransoms, as there is no guarantee that access will be restored following a BadRabbit attack. Most victims have heeded this advice. BadRabbit asks for a .05 bitcoin ransom, the equivalent of $280.
Takeaway: Refrain from updating Flash via any browser pop-ups. Always go directly to the vendor website (in this case www.adobe.com) for Flash updates. The same practice applies to any other application that prompts you for an update via a browser. If available, consult your IT team or someone who is knowledgeable about these types of issues.