Media outlets are reporting that a ransomware attack known as Bad Rabbit initially spread through high-profile infrastructure, primarily in Russia and Eastern Europe. Compromised websites ask visitors to update Adobe Flash Player by installing a file named install_flash_player.exe. This executable encrypts all files on the machine and informs the user that the information will be destroyed unless a password is obtained and entered. To obtain a password, victims are given 40 hours to pay 0.05 Bitcoin, or about $275, before the price is increased. It then spreads disguised as an update to Adobe Flash.
US-CERT has received multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware — malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.
US-CERT encourages users and administrators to review US-CERT Alerts TA17-181A and TA17-132A that describe recent ransomware events. Please report ransomware incidents to the Internet Crime Complaint Center (IC3). US-CERT will provide updated information as it becomes available.
To safeguard your online presence, always adhere to cybersecurity guidelines:
- Users should only apply updates from known sources, e.g., Adobe Flash should be updated from adobe.com.
- Users should always use caution when browsing online and ensure that websites and email are legitimate.
- Do not open emails and attachments from unknown sources.
- Do not assume that all HTTPS sites are legitimate; there is still a risk, and you must use caution.
- Look for digital signatures and always digitally sign your emails. Digitally signed emails are more secure.
- Be proactive and protect against malware and data loss by backing up your files and keeping them safe on a physical, external storage device or in the cloud. Make sure all your software is up-to-date and that your firewall is turned on.
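
For administrators, the first guideline above can be turned into a check over web proxy logs: flag any request for install_flash_player.exe that did not come from adobe.com over HTTPS. This is an added example, not code from US-CERT or any vendor; the log format, the sample lines and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only trusted source is the vendor domain named in the guidance.
TRUSTED_DOMAINS = ("adobe.com",)
# File name offered by the compromised sites, as stated on this page.
LURE_NAME = "install_flash_player.exe"

# Constructed sample log, format assumed: "<timestamp> <client-ip> <url>"
SAMPLE_LOG = """\
2000-01-01T10:01:07Z 10.0.0.21 https://get.adobe.com/flashplayer/install_flash_player.exe
2000-01-01T10:02:44Z 10.0.0.35 http://news-site.example/flash/install_flash_player.exe
2000-01-01T10:03:12Z 10.0.0.35 https://adobe.com.updates.example/install_flash_player.exe
2000-01-01T10:04:50Z 10.0.0.48 https://notadobe.com/INSTALL_FLASH_PLAYER.EXE?v=27
2000-01-01T10:05:02Z 10.0.0.52 https://www.adobe.com/products/flashplayer.html
"""

def host_is_trusted(host):
    """True only for a trusted domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # Matching on "." + domain rejects look-alikes such as notadobe.com and
    # adobe.com.updates.example, which a plain substring test would accept.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def classify(url):
    """Return 'ignore', 'trusted' or 'suspicious' for one requested URL."""
    parts = urlsplit(url)
    filename = parts.path.rsplit("/", 1)[-1].lower()
    if filename != LURE_NAME:
        return "ignore"
    # HTTPS is required but never sufficient: the hostname must also match.
    if parts.scheme == "https" and host_is_trusted(parts.hostname):
        return "trusted"
    return "suspicious"

def suspicious_downloads(log_text):
    """Return (client, url) pairs for installer requests from untrusted sources."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not fit the assumed format
        _, client, url = fields
        if classify(url) == "suspicious":
            hits.append((client, url))
    return hits

if __name__ == "__main__":
    for client, url in suspicious_downloads(SAMPLE_LOG):
        print(f"review {client}: {url}")
```

Two of the flagged sample lines use HTTPS and one embeds "adobe.com" in its hostname, which is why the check compares the full hostname rather than the scheme or a substring.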