Information Security - Be Aware Of

What is Bad Rabbit?

Bad Rabbit is a type of ransomware.

 

How is Bad Rabbit distributed?

It is distributed through drive-by downloads. This means that while the victim is visiting a compromised site a malware dropper is being downloaded. Keep in mind this can occur on compromised legitimate sites. No exploits appear to be used so the victim needs to manually execute the malware dropper, which pretends to be an Adobe Flash installer.

 

Whom does it target?

Most of the targets are located in Russia. Similar but fewer attacks have also been seen in other countries – Ukraine, Turkey, USA, and Germany. 

 

How to protect against Bad Rabbit:

Users of GRCC maintained devices are protected due to the fact that they do not have local administrative accounts. The downloaded drive-by file is named install_flash_player.exe and needs to be manually launched by the victim which must have elevated administrative privileges.

All users on our network should also be protected due to our Palo Alto firewall which provides prevention through automation which is applied consistently across the network.

If you are not on a GRCC maintained device or network, we strongly recommend that all Adobe users protect themselves by only getting Adobe Flash updates from the Adobe web site. Also keep your anti-virus definitions updated and don't open links in potential phishing emails as they could be directing you to a drive-by download site. When in doubt contact the IT Helpdesk.