27 October 2017

East Africa: 'Beware of Badrabbit' Sophos Warns Against New Ransomware Strain

Ransomware prevents you from accessing files on an infected computer until you pay the ransom. For the past few months, users, especially in Russia and Ukraine, have experienced several strains of ransomware, the latest being BadRabbit, which targeted consumers and businesses.

BadRabbit appears to be automatically downloaded when users visit legitimate websites. Because it doesn't use any exploits, as previous ransomware did, it relies on the user to run the program manually. It poses as an Adobe Flash installer. When the program is run, it displays a message similar to that of other ransomware and tells users to send just under $300 to a Bitcoin account.

"It was only a matter of time before someone took the ideas from WannaCry and NotPetya and ran with them for another go at unsuspecting victims. It appears this latest variation, the so-called Bad Rabbit ransomware, is being distributed via a fake Adobe Flash Player installer file. Initial reports are primarily from Eastern Europe, especially focused on Russia and Ukraine. What makes this malware more dangerous than your typical ransomware being distributed in a similar manner is its ability to spread across an organization as a worm and not just through email attachments or vulnerable web plugins. It is rumored to contain the same password-stealing and spreading mechanism as NotPetya, allowing it to traverse an enterprise and cripple it in no time," says Chester Wisniewski, Principal Research Scientist at Sophos.

SophosLabs are working to confirm these details, but have already ensured protection for Sophos customers. At the moment, Sophos Anti-Virus detects this variation as Troj/Ransom-ERK. Sophos Sandstorm proactively detected this threat through our machine learning detection, and Sophos Intercept X blocks it through the use of our CryptoGuard technology. Sophos web protection products are also blocking known distribution points.

In addition, Sophos recommends the following:

Keep software up to date with the latest patches.

Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete.

Encrypt your backup and you won't have to worry about the backup device falling into the wrong hands.

Defense-in-depth is your friend. Criminals constantly try to outwit security products; having many layers of protection helps bridge the gap when one is evaded.

free trial of Sophos Intercept X and, for home (non-business) users, register for the free Sophos Home Premium Beta, which prevents ransomware by blocking the unauthorized encryption of files and sectors on your hard disk.


Copyright © 2017 CIO East Africa. All rights reserved. Distributed by AllAfrica Global Media (allAfrica.com).
