NPC Security Alerts
Bad Rabbit: Another Ransomware to Watch Out For

October 27th, 2017



Note to NPC Clients: All NPC users have the required patching to prevent the Bad Rabbit ransomware. This NPC Security Alert is for non-NPC computers.


What's the issue?

Another ransomware is spreading, and so far it has hit major infrastructure such as the airport and subway system in Ukraine the hardest. The virus infects computers via drive-by download and then spreads from compromised computers to other machines on their internal networks. Some websites originating from Russia, Bulgaria and Turkey have been hacked and injected with JavaScript that prompts the download of the virus. The download prompt is designed to look like an Adobe Flash Player update to trick users into downloading the virus. Once a user has fallen for the fake Adobe Flash Player prompt, the virus uses Microsoft's Server Message Block (SMB) protocol to scan the compromised computer's internal network for open SMB shares and spread to those computers. Distribution of the virus has also been found in Russia, Bulgaria, Turkey and Japan.


How does it work?

Ransomware is a type of malicious software that takes control of a victim's computer and locks out access to the system by encrypting the victim's files and holding them hostage. In this case the cybercriminals are using Win32/Diskcoder.D to encrypt vulnerable computers; it spreads over SMB from a compromised computer. The cybercriminals then demand a ransom to release control of the computer or decrypt the files.


What should I do?

  1. Ensure you have a full backup of all your devices, with proper versioning and integrity checking. Use a backup system that is not directly connected to your computer when not backing up.
  2. If you do not have automatic updates enabled on your computer(s), go to Windows Updates on your computer and request and run available updates.
  3. Ensure you have a fully patched operating system, office suite, web browser, utility apps like Adobe and Java, and a powerful and up-to-date anti-malware suite.
  4. Do not open any email attachments you are not expecting, or click on unknown ads or links on websites you are unfamiliar with.
  5. Do not connect your device to unsecured networks.
  6. If it appears you have been attacked, disconnect your system from your network and the Internet, and contact an IT professional immediately for guidance in recovering your files.

We will continue to monitor this situation closely and advise of any significant developments.


For more information:

Cisco Talos - Threat Spotlight: Follow the Bad Rabbit
ESET We Live Security - Bad Rabbit: Not-Petya is back with improved ransomware
WIRED - New Ransomware Linked to NotPetya Sweeps Russia and Ukraine

