Trend Micro is tracking multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. Trend Micro assures its customers that the latest version of of its security products provides effective protection against this ransomware attack.
What is BadRabbit and how does it work?
BadRabbit spreads via fake Adobe Flash updates, tricking users into clicking the malware by falsely alerting the user that their Flash player requires an update. BadRabbit incorporates the use of Mimikatz to extract credentials (an open source tool that has been used in previous attacks) to extract common hard-coded credentials such as Admin, Guest, User, root, etc. There is also evidence that BadRabbit ransomware is using a legitimate tool — DiskCryptor — to encrypt the victim’s data. Once the victim’s PC is infected and their data encrypted, BadRabbit reboots the system and the following message is displayed after reboot:
Based on our initial analysis, Bad Rabbit spreads to other computers
by dropping copies of itself over the network.
Trend Micro Security customers can take to ensure they’re protected from BadRabbit:
1. Make sure you are using the latest version of Trend Micro Security. You can check here if you already have the latest version or follow instructions here to upgrade Trend Micro Security to the latest version. Upgrades to the latest version of Trend Micro Security are free.
2. Make sure your Trend Micro Security has the latest Security and Program updates. You can check here to manually update your Trend Micro Security.
Trend Micro Security Trend Micro Security provides online protection against malware and ransomware using advanced machine learning- based technology. so you can enjoy your digital life safely. It helps protect you from identity theft, viruses, phishing, online scams, and more. Trend Micro Security keeps your valuable files safe from ransomware with Folder Shield, by allowing only authorized applications to access the protected folders such as your documents, photos, music, and videos. Folder Shield can even protect cloud- synced folders such as Dropbox, Google Drive, and Microsoft OneDrive.
For more information on how to get protected please call Channel IT at 22256811 in Cyprus or +00302109340115 in Greece.