What's the deal?
A new ransomware outbreak is currently sweeping through Europe, and it will only be a matter of time before it spreads even further. The ransomware is titled "Bad Rabbit" and is crippling business, government, and educational systems as it spreads. Bad Rabbit is yet another ransomware utilizing the same vulnerabilities exploited by prior variants such as "WannaCry".
What's the damage?
Computers infected by the ransomware have 40 hours to pay 0.5 bitcoins, or approximately $2771.00 USD. Once the initial time limit expires, the price increases. The initial propagation method is drive-by downloads of a fake Adobe Flash installer. Infected computers within networks then use known exploits to propagate to other computers. The near-unbreakable encryption is made possible by the open source software DiskCryptor and RSA 2048 keys. DiskCryptor is used to encrypt entire disk systems to prevent data from being retrieved by an unauthorized individual.
What's the impact?
Several Russian businesses and government services are affected, including media outlets, airports and the Ministry of Infrastructure.
What can I do?
We sat down with in-house solutions architect and security expert Michael Esquia for some quick action items that you can take to protect yourself and your business.
- Ensure you have Anti-malware installed on your computer and it is up to date.
- Backup important files, photos, videos and program data to a portable hard disk drive, USB Flash drive or cloud service provider.
- If prompted to “update” or “install” Adobe Flash, do not accept. If you are not certain where to click, close your web browser. When reopening your web browser, do not restore sessions or tabs if prompted. If you think your Adobe Flash is out of date, or you may not have it installed, visit https://www.adobe.com and use Download and Install under Support, towards the bottom of the page.
- Do not accept documents, open emails, or click links that you have not solicited.
- If you encounter shortened links, verify them prior to copying the link. Sites like https://www.checkshorturl.com or https://unfurlr.com will expand the link and provide you with the full address. (e.g. Shortened link - https://goo.gl/nbfkeE or http://bit.ly/2z7cSOH)
- Disabling the WMI service will stop the ransomware from propagating within networks. If you are part of a corporate network, confirm with your system administrators prior to disabling WMI. They may use the service, and disabling it may have undesired results.
- Ensure that you have a highly secure password - Bad Rabbit takes advantage of "common" passwords such as dictionary words. Passwords should be at least 8 characters, including uppercase and lowercase letters, in addition to numbers and symbols.
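One way to carry out the WMI step above on a single Windows machine, as an added example that is not part of the original article. It assumes an elevated PowerShell session; the function name Disable-WmiService is hypothetical, and Winmgmt is the Windows service name for WMI.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# Disable-WmiService is a hypothetical helper name chosen for this illustration.
function Disable-WmiService {
    [CmdletBinding()]
    param(
        # Without -Apply the function only reports what would be affected.
        [switch]$Apply
    )

    # Winmgmt is the service behind Windows Management Instrumentation (WMI).
    $wmi = Get-Service -Name 'Winmgmt' -ErrorAction Stop
    Write-Output ("Winmgmt status: {0}, startup type: {1}" -f $wmi.Status, $wmi.StartType)

    # Services that depend on WMI are stopped together with it, so list the
    # running ones first. This is the "undesired results" check from the advice above.
    $running = @($wmi.DependentServices | Where-Object { $_.Status -eq 'Running' })
    if ($running.Count -gt 0) {
        Write-Output "Running services that depend on WMI and will also stop:"
        $running | ForEach-Object { Write-Output ("  {0} ({1})" -f $_.Name, $_.DisplayName) }
    } else {
        Write-Output "No running services depend on WMI."
    }

    if (-not $Apply) {
        Write-Output "Report only. Re-run with -Apply to stop and disable WMI."
        return
    }

    # -Force is required because dependent services must be stopped as well.
    Stop-Service -Name 'Winmgmt' -Force -ErrorAction Stop
    # Disabling the startup type keeps WMI from coming back after a reboot.
    Set-Service -Name 'Winmgmt' -StartupType Disabled

    $after = Get-Service -Name 'Winmgmt'
    Write-Output ("Winmgmt is now: {0}, startup type: {1}" -f $after.Status, $after.StartType)
}

# Review the impact first, then apply once it has been cleared with your administrators:
#   Disable-WmiService
#   Disable-WmiService -Apply
#
# To restore WMI later:
#   Set-Service -Name 'Winmgmt' -StartupType Automatic
#   Start-Service -Name 'Winmgmt'
```

Dependent services stopped by this change are not restarted automatically when WMI is re-enabled, so keep the list printed by the report run.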
Stay safe and be careful! If you're a current or future customer and need help protecting your data, call 863-802-8888.
DSM is a cutting edge cloud solutions firm based in Tampa Bay, Florida focused on delivering peace of mind to customers across the nation. With in-house security experts, our technical team is on the forefront of keeping our customers safe.