Another day, another ransomware attack. This time in Eastern Europe, as countries have seen establishments and infrastructure hit by an infection by the name of Bad Rabbit. Among the targets were government buildings, members of the media, and transportation centers.
The main countries affected appear to be Russia and Ukraine, but it has been spotted in Bulgaria, Germany, and Turkey. The targets shut down by Bad Rabbit include:
- Russia’s Interfax Agency (A major news outlet)
- Ukraine’s Kiev Metro
- The Odessa International Airport
- The Ministry of Infrastructure
- The Ministry of Finance
The attack on Kiev Metro appears to have used Diskcoder.D, a variant of the infamous Petya ransomware.
The good news? There is less chance of Bad Rabbit doing the same damage that the WannaCry ransomware managed to accomplish.
(WannaCry was able to spread across Europe and made its way to North America.)
Whereas WannaCry relied on a worm, Bad Rabbit uses a server message block vulnerability called EternalRomance. It is disguised as an Adobe Flash installer and downloads from legitimate websites.
While not confirmed, Bad Rabbit and NotPetya (another ransomware attack) appear to be deployed by the same actor. This is based on 67% of their codebases being similar.
Bad Rabbit should not have spread as far as it did. Back in March, Microsoft released a patch for EternalRomance; this was also when the EternalBlue vulnerability was patched.
Every attack like Bad Rabbit is an example as to why you need to install patches and updates when they are released. Don’t be like the organizations that were hit, now is a good time to update all your security software.
IT Support Guys can help you make sure that your systems are not left vulnerable to attacks like this by managing your patches and updates for you. Reach out by calling 855-4IT-GUYS (855-448-4897) for more information about network security.