Winter is Coming – A new ransomware variant is currently spreading across Europe. The Bad Rabbit ransomware has infected many public infrastructure sites, including the Kiev Metro in Ukraine, as well as hundreds of other organizations. Interestingly, its code contains several pop-culture references, including the names of the Game of Thrones dragons Drogon, Rhaegal, and Viserion.
ContentKeeper customers with a Secure Internet Gateway¹ deployment were not at risk from this ransomware.
The Bad Rabbit ransomware has been shown to initiate an attack via a drive-by download from a compromised website. When the malicious JavaScript is parsed, the user can be tricked into clicking a link masquerading as a legitimate update to Adobe’s Flash Player. When the user clicks the Install button, a download of the Bad Rabbit ransomware is initiated. If the user then executes the downloaded file, named “flash_player_update.exe”, the user’s computer becomes infected.
Once the executable is run, it begins encrypting the victim’s files and stealing passwords, eventually displaying the now all-too-familiar demand for a ransom payment in bitcoin to decrypt the files. The ransomware is able to propagate itself via a range of methods, including SMB and WMIC, by searching for open network shares and guessing at passwords with a pre-built list. There are also now reports that the leaked NSA exploit EternalRomance was leveraged to enhance propagation.
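The delivery step described above, a Flash-named executable served from a site that is not Adobe's, can be hunted for in web proxy logs. The following is an added example, not ContentKeeper's code: the log format, the sample lines and the allowlist of Adobe download hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains from which a genuine Adobe installer would be served.
TRUSTED_SUFFIXES = ("adobe.com", "macromedia.com")

# File name that mentions Flash and ends in .exe, e.g. flash_player_update.exe
FLASH_EXE = re.compile(r"flash[\w.\-]*\.exe$", re.IGNORECASE)

# Constructed sample. Format: timestamp client method url status bytes
SAMPLE_LOG = """\
2024-01-15T10:02:11Z 10.0.4.17 GET http://news.example.org/index.html 200 48211
2024-01-15T10:02:14Z 10.0.4.17 GET http://cdn.example.net/flash_player_update.exe 200 441899
2024-01-15T10:05:40Z 10.0.4.22 GET https://fpdownload.macromedia.com/pub/install_flash_player.exe 200 1200345
2024-01-15T10:07:02Z 10.0.4.31 GET http://files.example.com/Flash_Player_Update.EXE?id=7 200 441899
2024-01-15T10:09:30Z 10.0.4.40 GET http://adobe.com.example.net/flashplayer.exe 200 441899
malformed line
"""

def is_trusted(host):
    """True only for a trusted domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_downloads(log_text):
    """Return (timestamp, client, host, file) for each successful download
    of a Flash-named executable from a host outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, url, status, _size = parts
        u = urlsplit(url)
        name = u.path.rsplit("/", 1)[-1]  # query string is not part of path
        if status != "200" or not FLASH_EXE.search(name):
            continue
        if is_trusted(u.hostname or ""):
            continue
        hits.append((ts, client, u.hostname, name))
    return hits

if __name__ == "__main__":
    for hit in suspicious_downloads(SAMPLE_LOG):
        print("SUSPICIOUS", *hit)
```

Matching on the domain suffix with a leading dot, rather than a substring, is what keeps the lookalike host `adobe.com.example.net` from passing as trusted.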
ContentKeeper’s Secure Internet Gateway includes multiple layers of defense to protect against known and unknown threats, ransomware, malware, trojans and other viruses. Having multiple layers of defense technology is the best way to defend your network from the next attack. A modest investment in security upfront can prevent a catastrophic loss of data in the future.
1. Appropriately configured with the necessary security modules enabled
For more than 20 years, ContentKeeper has delivered comprehensive, accessible web security solutions for global enterprises, educational institutions and government agencies. We enable our customers to protect their networks, users and data from cyber threats while embracing mobile technology, Internet of Things (IoT) and cloud-based services.
About the author: David Wigley co-founded ContentKeeper Technologies in 1997 and serves as its Chief Executive Officer. David has many years of experience in software engineering, sales and management within the computer security industry.