A new ransomware called Bad Rabbit has popped up across Europe and some other places in the past few months. It uses brute-forcing of NTLM (NT LAN Manager) login credentials in Windows, along with a bunch of other exploits, to encrypt files on an affected computer.
Victims of this ransomware are being redirected from legitimate news websites to a site on the darknet. Users are convinced to install the malware, which is disguised as Adobe Flash Player. Once it is installed, all their files get encrypted, and the victim is asked for a payment to regain access to those files. Kaspersky Lab has analysed almost 200 targets in Turkey and Germany.
When the disguised program is installed, the malicious DLL is saved as “C:\Windows\infpub.dat”, which in turn installs the malicious executable file. The malware also installs a modified bootloader, so that users completely lose access to their computer.
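For defenders, the file write described above is something endpoint logs can be searched for. The following is an added example, not code from this article or from Kaspersky Lab: it scans file-creation records for the path named above, normalizing case, slashes and `..` segments so spelling variants still match. The log layout (a simplified key=value form modelled on Sysmon FileCreate, Event ID 11), the host names and the process names are all constructed for illustration.

```python
import ntpath

IOC_PATH = r"C:\Windows\infpub.dat"  # the path named in the article

# Constructed sample records; hosts and process names are made up.
SAMPLE_EVENTS = [
    r"EventID=11; Host=WS-014; Image=C:\Users\amy\Downloads\flash_update_sample.exe; TargetFilename=C:\Windows\infpub.dat",
    r"EventID=11; Host=WS-020; Image=C:\Temp\setup_sample.exe; TargetFilename=c:/WINDOWS/System32/../INFPUB.DAT",
    r"EventID=11; Host=WS-031; Image=C:\Program Files\Editor\editor.exe; TargetFilename=C:\Users\bob\Documents\infpub.dat.txt",
    r"EventID=11; Host=WS-040; Image=C:\Temp\tool_sample.exe; TargetFilename=\\?\C:\Windows\infpub.dat",
    r"EventID=11; Host=WS-055; Image=C:\Temp\tool_sample.exe; TargetFilename=C:\Users\bob\infpub.dat",
]

def normalize(path):
    """Canonicalize a Windows path so spelling variants compare equal."""
    path = path.strip().strip('"')
    if path.startswith("\\\\?\\"):  # drop the extended-length prefix
        path = path[4:]
    # normpath collapses ".." and "/" ; normcase lower-cases the result
    return ntpath.normcase(ntpath.normpath(path))

def parse_event(line):
    """Split one 'key=value; key=value' record into a dict."""
    fields = {}
    for part in line.split("; "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields

def find_hits(lines, ioc=IOC_PATH):
    """Return (host, writing process) for each file-create event hitting the IoC path."""
    target = normalize(ioc)
    hits = []
    for line in lines:
        event = parse_event(line)
        if event.get("EventID") != "11":  # only file-creation events
            continue
        if normalize(event.get("TargetFilename", "")) == target:
            hits.append((event.get("Host"), event.get("Image")))
    return hits

if __name__ == "__main__":
    for host, image in find_hits(SAMPLE_EVENTS):
        print(f"{host}: {image} wrote {IOC_PATH}")
```

The exact-path comparison after normalization is deliberate: a file with the same name in a user folder, or a longer name such as `infpub.dat.txt`, is not reported.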
“What’s more, infpub.dat acts as a typical file-encrypting ransomware: it finds the victim’s data files using an embedded extension list and encrypts them using the criminal’s public RSA-2048 key,” said researchers at Kaspersky Lab. Victims have around 40 hours to make the payment, and once the timer runs out, the ransom reportedly increases.
The perpetrators of this attack have not been identified, and no workaround has been found for infected computers. One precaution with Bad Rabbit is not to pay any money to get your data back: there is no guarantee that the attacker will comply, and paying may also encourage them.
So be careful, as it can affect India, maybe soon!