Just months after Wannacrypt gripped the world in fear, a new ransomware has emerged across Europe and a few other places. Called Bad Rabbit, it brute-forces NTLM login credentials in Windows and uses a bunch of other exploits to encrypt files on an affected computer.
Victims of this ransomware are being redirected from legitimate news websites to a site on the darknet. Users are prompted to install the malware, which is disguised as Adobe Flash Player. Upon installation, all their files get encrypted, and the victim is asked for a payment of 0.05 Bitcoin ($276.85 at the time of publication) to regain access to the encrypted files. Kaspersky Lab has identified almost 200 targets in Turkey and Germany.
When the disguised program is installed, the malicious DLL is saved as C:\Windows\infpub.dat, which in turn installs the malicious executable file. The malware also installs a modified bootloader, so users completely lose access to their computer.
Submitted by: Arnfried Walbrecht