On Tuesday, 24th October, a new widespread ransomware called ‘Bad Rabbit’ emerged. It has affected over 200 major organizations in Europe, Russia, Ukraine, Turkey and Germany. Numerous websites, an airport system and an underground railway system were compromised.
Visiting any of these compromised websites triggers a Flash update pop-up. The next phase of the infection redirects the victim to the ransomware distribution site: hxxp://1dnscontrol[.]com/flash_install.php
- Disable the WMI service to prevent the malware from spreading over your network.
- Since ransomware spreads through phishing emails, malicious adverts on websites, and third-party apps or programs, be cautious when opening unsolicited documents sent by email, and do not click on links inside those documents unless you have verified the source.
- Also, never download any app from third-party sources, and read reviews even before installing apps from official stores.
- To always have a tight grip on your valuable data, keep a good backup routine in place that copies it to an external storage device that is not always connected to your PC.
- Make sure that you run a good and effective anti-virus security suite on your system, and keep it up-to-date.
- Make sure that all protection mechanisms are activated as recommended.
- Update antivirus databases immediately.
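
To check whether any client on your network followed the redirect described above, web proxy logs can be searched for requests to the distribution host. The Python below is an added example, not part of the original advisory; the log line format and the sample entries are constructed, and it goes slightly beyond the single published URL by also flagging other paths and subdomains on that host.

```python
from urllib.parse import urlsplit

# Indicator exactly as published on this page (defanged).
IOC_DEFANGED = "hxxp://1dnscontrol[.]com/flash_install.php"

def refang(indicator):
    """Turn a defanged indicator (hxxp, [.]) back into a parseable URL."""
    return indicator.replace("hxxp", "http", 1).replace("[.]", ".")

def parse_target(url):
    """Return (lower-cased host without trailing dot, path) for a URL."""
    parts = urlsplit(url)
    return (parts.hostname or "").rstrip("."), parts.path or "/"

IOC_HOST, IOC_PATH = parse_target(refang(IOC_DEFANGED))

def find_hits(log_lines):
    """Return one dict per request that reached the distribution host."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than guess at fields
        ts, client, _method, url, referer = fields
        host, path = parse_target(url)
        # Match the host itself or a subdomain, never a look-alike name.
        if host != IOC_HOST and not host.endswith("." + IOC_HOST):
            continue
        hits.append({
            "time": ts,
            "client": client,
            "exact_path": path == IOC_PATH,
            # The referer names the site that served the Flash update pop-up.
            "referer_host": None if referer == "-" else parse_target(referer)[0],
        })
    return hits

# Constructed sample proxy log lines (not real traffic), assumed format:
#   <timestamp> <client_ip> <method> <url> <referer or ->
SAMPLE_LOG = [
    "2017-10-24T10:01:02Z 10.0.0.5 GET http://news.example/index.html -",
    f"2017-10-24T10:01:09Z 10.0.0.5 GET {refang(IOC_DEFANGED)} http://news.example/index.html",
    f"2017-10-24T10:03:40Z 10.0.0.9 GET http://{IOC_HOST.upper()}./other.php -",
    f"2017-10-24T10:04:11Z 10.0.0.7 GET http://not-{IOC_HOST}/flash_install.php -",
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Each hit identifies the client that made the request and, through the referer, the compromised site that sent it there.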