October 27th, 2017
Note to NPC Clients: All NPC users already have the required patches in place to protect against the Bad Rabbit ransomware. This NPC Security Alert is for non-NPC computers.
What's the issue?
How does it work?
Ransomware is a type of malicious software that takes control of a victim's computer and locks the victim out of the system by encrypting their files with strong encryption and holding them hostage. In this case the cybercriminals are using Win32/Diskcoder.D to encrypt vulnerable computers; it spreads over SMB from a compromised computer. The cybercriminals then demand a ransom to release control of the computer or decrypt the files.
What should I do?
- Ensure you have a full backup of all your devices, with proper versioning and integrity checking. Use a backup system that stays disconnected from your computer except while a backup is running.
- If you do not have automatic updates enabled on your computer(s), open Windows Update, check for updates, and install any that are available.
- Ensure you have a fully patched operating system, office suite, web browser, utility apps like Adobe and Java, and a powerful and up-to-date anti-malware suite.
- Do not open any email attachments you are not expecting, or click on unknown ads or links on websites you are unfamiliar with.
- Do not connect your device to unsecured networks.
- If it appears you have been attacked, disconnect your system from your network and the Internet, and contact an IT professional immediately for guidance in recovering your files.
We will continue to monitor this situation closely and advise of any significant developments.
For more information:
- Cisco Talos - Threat Spotlight: Follow the Bad Rabbit
- ESET We Live Security - Bad Rabbit: Not-Petya is back with improved ransomware
- WIRED - New Ransomware Linked to NotPetya Sweeps Russia and Ukraine