New variant of Petya hit European companies and organizations
Bad Rabbit ransomware, the latest version of Petya/NotPetya, hit European countries on October 24th and reminded corporations and organizations once again of the need to pay attention to cyber security. As many as 65% of all the attacks were reported in Russia; news agencies Interfax and Fontanka are among the victims.
Ukraine became one of the targets as well: the systems of Odessa airport and the subway were compromised by the ransomware. Other victims include corporations and organizations in Turkey, Germany, Poland, Bulgaria and countries outside Europe, such as South Korea, Japan, and the United States.
While victims counted the damage and recovered from the attack, cybersecurity researchers looked for a way to stop this malicious program from spreading. Fortunately, it didn't take long to find a vaccine for Bad Rabbit.
Bad Rabbit vaccine: simple steps to protect your computer from the malware
Cybereason researchers Amit Serper and Mike Iacovacci found the vaccine for Bad Rabbit. Users can protect their computers and block the recently emerged ransomware by creating the files infpub.dat and cscc.dat in the c:\windows directory and then removing all permissions from them.
- Run Command Prompt as an administrator.
- In the Command Prompt window, enter this command:
echo "" > c:\windows\cscc.dat && echo "" > c:\windows\infpub.dat
- Now you have to remove the permissions from these files. Right-click on the infpub.dat file (then repeat the same steps for cscc.dat) and select Properties.
- In the Properties window that appears, go to the Security tab.
- Click the Advanced button.
- In the Advanced Security Settings window, click the "Change Permissions…" button.
- In the window that appears, clear the "Include inheritable permissions from this object's parent" checkbox. (Windows 10 users have to click the "Disable inheritance" button and then select the "Remove all inherited permissions from this object" option in the new window.)
- You will receive a Windows Security pop-up. Choose the Remove option.
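The same steps as a script, useful when the vaccine has to be applied to many machines. This is an added example, not code from Cybereason or from this article; the function name Test-Locked and the state labels are hypothetical, and it assumes an elevated PowerShell session with the built-in icacls tool available.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the manual vaccine steps for both marker files.
$files = 'infpub.dat', 'cscc.dat' | ForEach-Object { Join-Path $env:windir $_ }

function Test-Locked([string]$Path) {
    # Locked = inheritance disabled and no access entries left on the file.
    $acl = Get-Acl -LiteralPath $Path
    return $acl.AreAccessRulesProtected -and (@($acl.Access).Count -eq 0)
}

$results = foreach ($path in $files) {
    if (Test-Path -LiteralPath $path) {
        # Never overwrite: a file this script did not create should be
        # reviewed by a person before anything is changed.
        $state = if (Test-Locked $path) { 'AlreadyLocked' } else { 'ExistsUnlocked-Review' }
    }
    else {
        New-Item -ItemType File -Path $path | Out-Null
        # A new file in the Windows directory carries only inherited entries,
        # so this matches "Disable inheritance" followed by
        # "Remove all inherited permissions from this object".
        & icacls.exe $path /inheritance:r | Out-Null
        $state = if ($LASTEXITCODE -eq 0 -and (Test-Locked $path)) {
            'CreatedAndLocked'
        } else {
            'CreatedButNotLocked'
        }
    }
    [pscustomobject]@{ Path = $path; State = $state }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a deployment tool flag machines that need attention.
if ($results.State -match 'Review|NotLocked') { exit 1 }
```

Running it a second time reports AlreadyLocked for both files, so it is safe to schedule repeatedly.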
General security tips to avoid ransomware virus
The authors of Bad Rabbit hacked the websites of at least three Russian media outlets and injected a fake Adobe Flash Player update. If users downloaded it, the malicious program was installed on the device. However, that is not the only way the malware spreads. It might also exploit vulnerabilities in the Windows Server Message Block (SMB) protocol.
Thus, in order to avoid a ransomware infection, users are advised to follow these security tips:
- Do not download Adobe Flash Player or other software updates from pop-ups or websites. Real updates are provided in the program window. Besides, you should enable automatic updates to avoid misleading alerts.
- Patch the Windows SMB protocol. Even though Bad Rabbit does not use the EternalBlue exploit, it can still use an SMB vulnerability to spread further through the network. Thus, make sure that you have patched all Windows services.
- Update software and operating system. Make sure that all your programs are up-to-date. Malicious programs can take advantage of software vulnerabilities and infiltrate the devices.
- Keep away from suspicious emails and spam email attachments. Malicious spam emails are the main ransomware distribution method. Open an attached file only if you are 100% sure that it is safe.
- Install professional antivirus.
Security experts also recommend installing a professional antivirus program in order to minimize the risk of an attack. Additionally, heads of companies and organizations are advised to remind employees of these general security tips. If one inattentive user lets the malicious program onto a computer, it might continue spreading and compromise the whole network.