A new piece of malware is lurking in town, and it has been dubbed Bad Rabbit. Each infected user is assigned a personal key. As of this writing, the initial ransom is $0.05 bitcoin, which amounts to $275.59; if the victim fails to pay within the allotted time, the price increases.
Most victims are in Russia and Eastern Europe, and Germany has also been affected. Media companies in Russia and the news agencies Interfax and Fontanka have reported the incident. Ukraine was hit as well: the Odessa airport, the Kiev subway system and the Ministry of Infrastructure of Ukraine have all been impacted.
Kaspersky Lab and Proofpoint have pointed out that Bad Rabbit has been spreading via a fake Adobe Flash installer. The main targets are news and media websites, which helped distribute the fake installer to unsuspecting victims. Although it is a potent attack, it has been said that no exploits were used during the attack, which relies mainly on the victim agreeing to download the Bad Rabbit ransomware. Only a few antivirus companies were able to detect Bad Rabbit.
The primary targets are enterprise or corporate networks. Once downloaded and deployed, Bad Rabbit uses the EternalBlue exploit to spread across the network, capitalizing on unpatched systems to spread effectively.
Bad Rabbit is avoidable. Avoiding infection requires tighter permissions, and computer systems also need to be patched. If an employee is able to run the fake Adobe Flash Player installer, they can infect your network. If the system is out of date, there is a high probability of infection. Make sure you have patched EternalBlue by installing the patch from Microsoft: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. Also make sure you have good policies in effect to hinder infection, and think before you click.