Unknown hackers attack computers and resources around the world again. This new virus is called BadRabbit and security researchers have come up with an early “vaccine”against the virus, which should cure systems from becoming infected.
“Create the following files c:\windows\infpub.dat && c:\windows\cscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated. :)”
I can confirm – Vaccination for #badrabbit:
Create the following files c:windowsinfpub.dat && c:windowscscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated. 🙂 pic.twitter.com/5sXIyX3QJl
— Amit Serper (@0xAmit) October 24, 2017
Wallets mentioned in the hackers’ messages, according to Bitcoin wallet monitoring site, have had only three transactions yet – while the virus demands 0.05 BTC and promises to raise fees in the future, these transactions are very little and almost certainly made by those who search for hackers as a test of some kind. The media previously stated there were no transactions on these wallets at all. Yet another hacker team puts the reputation of cryptocurrencies in jeopardy…
The main countries that this ransomware bubbled up is Russia and Ukraine but it also appears to be affecting Germany and Turkey, though it is not fully known as of this moment. There are also unconfirmed sightings in the United States. In case with Russia, even big media companies were attacked, including Interfax and Fontanka.
Thanks to the fact that these hackers use Bitcoin, we can at least deduce who felt for their promises of decryption (no one, it turns out, as people learned from WannaCry and other previous ransomware attacks that racketeers rarely fulfill their promises).
And yes, please check every Adobe Flash update file for viruses. BadRabbit authors chose fake Adobe Flash update executables as the primary means of infiltration to the system.