The US government has discovered a new ransomware attack which reportedly spread through Russia and Ukraine and has been moving to other countries around the world.
The ransomware disguised itself as an Adobe update before holding computers hostage, then asked victims to visit a Tor network page to pay a ransom before they could retrieve their files. Cybersecurity experts said that the ransomware targeted Russian media outlets and Ukraine's transportation system. The threat has spread to other countries, including the United States, Germany, and Japan.
You will recall that two major threats hit this year, namely NotPetya and WannaCry, which locked down businesses, government institutions and hospitals. Some experts have established a relationship, or some similarities, between the NotPetya code and the most recent attack, which has been named Bad Rabbit. When such a threat infects a computer, it seizes all of the files on it and demands a ransom in exchange for them. However, victims are always advised not to succumb to the blackmail because there is no guarantee that their files will be retrieved.
According to Vyacheslav Zakorzhevsky, head of the anti-malware research team at the Russian cybersecurity firm Kaspersky Lab, the investigation report shows a similarity in methods between the NotPetya and Bad Rabbit attacks, indicating that the perpetrators may be the same set of people. Just like NotPetya, Bad Rabbit attacked computers by disguising itself as an Adobe Flash installer on compromised news and media websites. This is a popular malware trick that has been used over time to lure unsuspecting internet users. It should serve as a warning not to be quick to download apps or software from advertisements or from websites that are not owned by the company that makes the software.
Worse still, other computers that share folders are also at risk, because once a machine is infected by the ransomware, it scans the network for shared folders to steal information from the other computers.
The cyber crooks are suspected to be fans of ‘Game of Thrones’, due to references to characters like Grey Worm and Daenerys’ dragons contained in the ransomware code.
Many anti-virus products, including Windows Defender, detect Bad Rabbit, and you will hardly find a computer without an anti-virus installed, which minimises the risk and the impending loss. James Emery-Callcott, a malware researcher, opines that the popular trick may soon become stale as people come to recognise the overused trap. He said:
‘As far as I can see, the attacker’s server is no longer live and most of the infected sites hosting the script that gives the Flash update prompt. Fake Flash updates are an incredibly popular method of distributing malware these days. Hopefully, people will start to realize that when you get an unsolicited Flash update, it is generally going to be bad’
However this malware saga ends, cybercrime is now a reality. We cannot escape the reality of contending with cyber crooks, but we can take precautions by installing a reliable anti-virus and taking note of trends like fake Flash updates.