The Bad Rabbit ransomware virus has been detected attacking the information systems of more than 200 government agencies and private organizations. Note that the virus penetrates the system under the names Win32/Diskcoder.D, Trojan-Ransom.Win32.Gen.f, Win32/Tibbar and Troj/Ransom-ERK.
The virus, which spread rapidly in countries such as Russia, Turkey, Ukraine and Germany, is a modified version of the Petya virus. The attacker locks the computer system and demands a ransom of 0.05 bitcoin (~$285). The virus spread through a pop-up notification offering a fake Adobe Flash Player update to users of some Russian media sites. In addition, when users access these dangerous web pages, they are redirected to sites containing malicious files.
Note that research into decrypting the encrypted systems without paying the ransom is still being conducted.
The Electronic Security Center (ESC) under the Ministry of Transport, Communications and High Technologies brings the following security measures to the attention of users to protect against the existing threat:
- To prevent malware from spreading through the network, it is necessary to deactivate the WMI (Windows Management Instrumentation Command-Line) service;
- Back up the computer files (text, photo, video, audio) to another device;
- To remove vulnerabilities in the Windows operating system, update it urgently (download and install the patch);
- Do not open unknown files sent by e-mail and do not follow links that are unfamiliar to you;
- Do not install applications from unofficial sources;
- Do not operate the system as an administrator, if it is not necessary;
- Make sure you use an active, up-to-date antivirus with up-to-date antivirus databases;
- If no antivirus program is in use, use the Microsoft Defender antivirus program.