Bad Rabbit ransomware

Oct. 25, 2017

A new ransomware called BadRabbit has hit mainly Russia and Ukraine. Among the worst affected are the Kiev underground and the international airport in Odessa. Infections have also been reported in Bulgaria, Japan, Turkey and Germany.

The ransomware spreads through compromised websites where the user is prompted to update Flash Player. The user then executes a binary containing the malware, which encrypts the user's files and demands a payment of 0.5 BTC. In addition, BadRabbit tries to infect other computers on the local network by exploiting the SMB protocol.

It is recommended to keep operating systems and security software up to date. For example, Windows Defender can detect and remove the malware since protection update 1.255.29.0.

According to Cybereason, the ransomware has a kill-switch. All it takes is to create two files, cscc.dat and infpub.dat, in C:\windows (your %windir% folder) and set them as read-only. That should ensure that files on the hard drive do not get encrypted.
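
The marker-file step described above, as a PowerShell sketch (an added example, not code from Cybereason or from the original article). The function name Set-BadRabbitMarkerFiles is hypothetical, and the script assumes an elevated prompt so that it can write to %windir%.

```powershell
# Added example. File names and folder come from the text above;
# the function name and the status labels are made up for illustration.
function Set-BadRabbitMarkerFiles {
    [CmdletBinding()]
    param(
        # Target folder; defaults to %windir% as described in the text.
        [string]$Directory = $env:windir
    )

    foreach ($name in 'cscc.dat', 'infpub.dat') {
        $path = Join-Path -Path $Directory -ChildPath $name

        if (Test-Path -LiteralPath $path) {
            $existing = Get-Item -LiteralPath $path -Force
            # A non-empty file with this name was not placed by this script.
            # Leave it untouched and report it so it can be reviewed.
            if ($existing.Length -gt 0) {
                [pscustomobject]@{
                    Path     = $path
                    Status   = 'PreExistingNonEmpty'
                    ReadOnly = $existing.IsReadOnly
                }
                continue
            }
        }
        else {
            # Create the empty marker file.
            New-Item -Path $path -ItemType File | Out-Null
        }

        # Set the read-only attribute, then re-read the file to confirm it stuck.
        Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
        $item = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Path     = $path
            Status   = 'MarkerInPlace'
            ReadOnly = $item.IsReadOnly
        }
    }
}

# Apply to %windir% and show the resulting state of both files.
Set-BadRabbitMarkerFiles | Format-Table -AutoSize
```

The script is safe to re-run: existing empty marker files are only re-checked, and any row with Status PreExistingNonEmpty means a file of that name was already present and should be looked at before anything else is done.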