In the recent past, numerous Ransomware has been targeting Europe and using various methods, jumped laterally across the networks and propagated to other countries, effectively breaching all geo-political boundaries.
A new Ransomware dubbed as Bad Rabbit has been rapidly targeting systems across Europe and following the footsteps of WannaCry and NotPetya. However, unlike WannaCry, Bad Rabbit does not use Eternal Blue for spreading laterally, but uses Mimikatz to extract the credentials from memory and tries to access systems within the same network via SMB and WebDAV.
Apart from encrypting the files, it adds the string “encrypted” at the end of the file rather than changing the extension. Changing the file extension is quite prevalent with most of the ransomware.
The primary mode of delivery is via a Fake Flash Player installer and upon execution by the user; it would start encrypting the files and then modify the Master Boot Record, reboot the system and display the Ransomware Note.
eScan actively detects and mitigates this threat. Users should always ensure that they update their computer systems with the patches that are made available by Software Vendors. They should always exercise caution whenever any website presents to you an executable to be downloaded.
