{"id":3034,"date":"2017-11-22T06:42:50","date_gmt":"2017-11-22T06:42:50","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=3034"},"modified":"2020-08-18T22:48:26","modified_gmt":"2020-08-18T17:18:26","slug":"beware-badrabbit-ransomware","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/beware-badrabbit-ransomware\/","title":{"rendered":"Beware Of BadRabbit Ransomware"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2731\" src=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/09\/ransomware.png\" alt=\"Ransomware\" width=\"650\" height=\"300\" srcset=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/09\/ransomware.png 650w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/09\/ransomware-300x138.png 300w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/09\/ransomware-225x104.png 225w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/p>\n<p>Just when we thought 2017 had seen its share of <a href=\"https:\/\/enterprise.comodo.com\/ransomware-attacks.php\" target=\"_blank\" title=\"Ransomware\">ransomware attacks<\/a>, yet another surfaced recently. Researchers have found that the new ransomware, named BadRabbit, is a rehash of NotPetya&#8217;s code, but thankfully it has not been as effective as WannaCry or NotPetya. Among those affected, the most significant have been Ukraine&#8217;s Ministry of Infrastructure, Odessa&#8217;s airport, Kiev&#8217;s subway and two Russian media groups.<\/p>\n<p>Sources suggest BadRabbit requests a ransom of 0.05 Bitcoin, which roughly translates to $276 USD. 
Of the 15 countries that have been targeted so far, the most affected has been Russia, with 71 percent of detections observed, followed by Ukraine (14 percent) and Bulgaria (8 percent).<\/p>\n<p><strong>BadRabbit Used Russian-Based News Sites<\/strong><\/p>\n<p>Interfax and Fontanka, both Russian-based news websites, were used largely to spread the <strong>BadRabbit ransomware<\/strong> via what seems to be a watering hole attack. There were two goals behind the attack: 1) to collect money and 2) to disable the infected company&#8217;s operations. The injected malicious script prompted visitors to the website to download a fake Adobe Flash installer update. Once executed, BadRabbit sets to work.<\/p>\n<p><strong>How Does BadRabbit Spread?<\/strong><\/p>\n<p>Having successfully infected a computer, BadRabbit goes on to infect other computers by trying a set of default login and password combinations for lateral movement within the local network. It also makes use of Mimikatz to extract other combinations used by the infected user.<\/p>\n<p>Mimikatz targets a Windows process called LSASS (Local Security Authority Subsystem Service), which stores passwords used during various authentication sessions. It scans LSASS&#8217; memory, collects credential pairs and dumps them out; BadRabbit then uses these to encrypt remote shares and to spread to additional machines.<\/p>\n<p><strong>Preventing BadRabbit Ransomware Attack<\/strong><\/p>\n<p>If your Windows folder (c:\\Windows\\) contains a file named cscc.dat, then you are safe. 
If not, you can create this file by creating a text file, renaming it to cscc.dat and saving it in the c:\\Windows\\ folder.<\/p>\n<p><strong>Additional security measures include:<\/strong><\/p>\n<p>Using an <a href=\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/virus-removal-windows-pc\/\" target=\"_blank\" rel=\"noopener\">Antivirus <\/a>Package for Virus Protection: Comodo Antivirus does a great job of protecting your PC(s) with <a href=\"https:\/\/antivirus.comodo.com\/free-antivirus.php\" target=\"_blank\" rel=\"noopener\">virus protection<\/a>. Although not effective against <a title=\"What is Ransomware?\" href=\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/what-is-ransomware\/\" target=\"_blank\" rel=\"noopener\">ransomware<\/a>, this is a security precaution every PC user must take.<\/p>\n<p>Keeping Your Software and Systems Up-to-Date: This can be done manually or, if you are running an enterprise, by using Comodo Patch Management software, which allows system administrators to roll out security fixes in a systematic and timely fashion.<\/p>\n<p>Using Endpoint Security Software: Way better than the above two options, and definitely a must-have if you have a network. Comodo <a href=\"https:\/\/www.comodo.com\/endpoint-protection\/endpoint-security.php\" target=\"_blank\" rel=\"noopener\">Endpoint Protection<\/a> is something you can consider. Pretty effective at combating ransomware.<\/p>\n<p>Taking General Precautions: Stay away from shady websites, exercise caution while downloading stuff, do not open suspicious links or attachments from unknown senders, and avoid other similar things that can get your system infected. 
Be a cautious internet user, not a gullible one.<\/p>\n<p><strong>Conclusion:<\/strong><\/p>\n<p>Our Comodo One group of products which offers services like <a href=\"https:\/\/www.itarian.com\/patch-management.php\" target=\"_blank\" rel=\"noopener\">Patch Management<\/a>, <a title=\"What is rmm?\" href=\"https:\/\/www.itarian.com\/rmm.php\" target=\"_blank\">Remote Monitoring and Management<\/a> and other IT security essentials can be of great help to you if you wish to <a href=\"https:\/\/www.comodo.com\/landing\/comodo-conducts-webinar-on-protection-against-ransomware\/\" target=\"_blank\" rel=\"noopener\">protect your networks from ransomware attacks<\/a> like BadRabbit, Petya or Not-Petya and the likes of others as well.<\/p>\n","protected":false},"author":5,"featured_media":2752,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[9,130],"class_list":["post-3034","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer-safety","tag-antivirus","tag-badrabbit-ransomware"],"post_mailing_queue_ids":[]}