After Wannacry and Petya new, dangerous ransomware appeared. “Badrabbit” also encrypts data. Most affected organisations are located in Russia and Eastern Europe, a small number of companies in Germany and also Turkey are affected, too. Until now there are only a few organisations which reported Badrabbit, it seems that the attacks are targeted and the ransomware won’t spread like Petya or Wannacry.
Still unclear: Who is behind those attacks? What we know at this point: The code shares many lines with Petya and doesn’t use the EternalBlue exploit. Badrabbit spreads across networks but uses fake flash updates to get into a system. To prevent your system from Badrabbit, Kaspersky Lab recommends to block the execution of the following file: ‘c: \ windows \ infpub.dat, C: \ Windows \ cscc.dat.’
Read the whole article on ZDnet.
