The latest spate of Russian and Ukrainian file-encryption malware attacks has been found to share a substantial amount of source code with the NotPetya file-encryption malware from earlier this year. There is a small chance that systems struck by the malware may be recoverable without paying the ransom.
If your systems have been impacted by the malware we encourage you to speak to our professionals to aid in system recovery!
Once the Bad Rabbit ransomware has penetrated your infrastructure, it infects systems, encrypts certain file types and then, like NotPetya, proceeds to encrypt the disk. It concludes by displaying a ransom note when the computer boots.
It appears that the malware authors have re-purposed pieces of the NotPetya source code and addressed some of the coding errors found in the original malware. Although the original NotPetya was billed as a ransomware attack, its payment mechanism was flawed; Bad Rabbit’s payment mechanism is functional, and an infection can result in permanent damage unless careful steps are taken.
Experts have discovered that the decryption key may be recoverable without paying the ransom, and in some conditions file backups may still be functional. Our experts can also assist in containing the spread of the malware.
Grant Thornton’s Computer Incident Response Team has worked on the ground in Ukraine and with international clients impacted by this family of attacks. Call our experts at any time (day or night) for advice on securing your systems and recovering them if they have been infected.
The ransomware infects a machine by posing as an Adobe Flash installer, then spreads through the network via open Server Message Block (SMB) shares, using a hardcoded list of credentials to authenticate to other systems and drop the malware on them.
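The spread pattern described above (one host trying a fixed list of credentials against many SMB hosts in a short burst) is something a defender can look for in authentication logs. The following is an added example, not code from the advisory or from Grant Thornton: it assumes a simplified, constructed record format of one authentication event per line (`timestamp,source_ip,target_host,username,result`), and the thresholds, sample data and field names are assumptions. In a real environment the records would be derived from Windows Security event logs or SMB server logs.

```python
"""Flag hosts that cycle through a credential list against several SMB targets.

Added example; the record format, thresholds and sample log are constructed
assumptions, not artefacts of the Bad Rabbit malware or of any real log format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 10.0.0.15 works through a fixed credential list against
# three hosts, while 10.0.0.40 and 10.0.0.41 show ordinary single-user activity
# that must not trigger an alert.
SAMPLE_LOG = """\
2017-10-24T10:00:01,10.0.0.15,FS01,administrator,FAIL
2017-10-24T10:00:02,10.0.0.15,FS01,Administrator,FAIL
2017-10-24T10:00:02,10.0.0.15,FS01,root,FAIL
2017-10-24T10:00:03,10.0.0.15,FS01,guest,FAIL
2017-10-24T10:00:03,10.0.0.15,FS01,backup,SUCCESS
2017-10-24T10:00:05,10.0.0.15,FS02,administrator,FAIL
2017-10-24T10:00:06,10.0.0.15,FS02,root,FAIL
2017-10-24T10:00:06,10.0.0.15,FS02,backup,SUCCESS
2017-10-24T10:00:08,10.0.0.15,WS22,administrator,FAIL
2017-10-24T10:00:09,10.0.0.15,WS22,backup,SUCCESS
2017-10-24T10:01:00,10.0.0.40,FS01,jsmith,SUCCESS
2017-10-24T10:02:30,10.0.0.41,FS02,alee,FAIL
2017-10-24T10:02:31,10.0.0.41,FS02,alee,SUCCESS
"""

WINDOW = timedelta(minutes=2)  # assumed: automated spread is a short burst
MIN_USERS = 4                  # assumed: distinct usernames tried from one source
MIN_TARGETS = 2                # assumed: distinct hosts touched from one source


def parse_records(text):
    """Parse the constructed CSV format into time-sorted
    (timestamp, source_ip, target_host, username, result) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, target, user, result = line.split(",")
        records.append((datetime.fromisoformat(ts), src, target, user, result))
    return sorted(records, key=lambda r: r[0])


def find_spraying_sources(records, window=WINDOW, min_users=MIN_USERS,
                          min_targets=MIN_TARGETS):
    """Return {source_ip: summary} for every source that, within some sliding
    window of length `window`, authenticated with at least `min_users` distinct
    usernames against at least `min_targets` distinct targets. Usernames are
    compared case-insensitively so 'administrator' and 'Administrator' count
    once. The summary unions every qualifying window so that later successful
    logons from the same burst are not lost."""
    by_src = defaultdict(list)
    for rec in records:
        by_src[rec[1]].append(rec)

    hits = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            users = {e[3].lower() for e in span}
            targets = {e[2] for e in span}
            if len(users) >= min_users and len(targets) >= min_targets:
                hit = hits.setdefault(src, {"users": set(), "targets": set(),
                                            "successes": set()})
                hit["users"] |= users
                hit["targets"] |= targets
                hit["successes"] |= {(e[2], e[3]) for e in span
                                     if e[4] == "SUCCESS"}

    # Sorted lists make the result stable for reporting and testing.
    return {src: {k: sorted(v) for k, v in hit.items()} for src, hit in hits.items()}


if __name__ == "__main__":
    for src, info in find_spraying_sources(parse_records(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {len(info['users'])} usernames across "
              f"{len(info['targets'])} targets; successful logons: {info['successes']}")
```

The successful (target, username) pairs in the alert are the ones worth acting on first, since they identify which shares the credential list actually opened and therefore which hosts are likely to hold the dropped payload.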