Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
'Bad Rabbit' Ransomware Attacks Rock Russia, Ukraine - and Beyond
Threaded  |  Newest First  |  Oldest First
jtemme
100%
0%
jtemme,
User Rank: Strategist
10/25/2017 | 10:24:15 AM
Re: Backup and Restore Protocols ONCE AGAIN
40 minutes is pretty good, not sure how big your network is or how your users/org would be effected by that down time but certainly you've been inconvenienced.  Also, if someone in the transportation sector is down for any length of time this could cause widespread travel delays and numerous other problems for both the organization and its customers.  So just one example of why this is important news and how a ransomware attack could affect a large group of people.  Your comments seem a bit flippant and arrogant and certainly don't add any value to the topic at hand.
davidryann
50%
50%
davidryann,
User Rank: Apprentice
10/27/2017 | 10:18:28 AM
Bad Rabbit Ransomware
A new ransomware attack named BadRabbit is spreading through Russia, Ukraine, and other Eastern European countries.

i was reading an article, have great information regarding this issue.

https://www.ivacy.com/blog/bad-rabbit-things-you-need-to-know-about-this-ransomware/
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/27/2017 | 1:15:00 PM
Re: Bad Rabbit Ransomware
"Bad Rabbit Ransomware"

As like the others, ransomware players think that this is a very lucrative job, so it will never stop.
jtemme
100%
0%
jtemme,
User Rank: Strategist
10/27/2017 | 3:30:52 PM
Re: Bad Rabbit Ransomware
Nice share!
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/27/2017 | 1:11:40 PM
Re: Backup and Restore Protocols ONCE AGAIN
"Backup and Restore Protocols "
I think backup and restores is less likely a solution here, it needs to be isolated systems to avoid troubles after ransomware attack. To prevent it , that is another game.
Dr.T
100%
0%
Dr.T,
User Rank: Ninja
10/27/2017 | 1:13:35 PM
Re: Backup and Restore Protocols ONCE AGAIN
"length of time this could cause widespread travel delays and numerous other problems"

I agree, that is one of the reasons is prevention strategies rather than recovery methods after the attack has to be focus.
jtemme
50%
50%
jtemme,
User Rank: Strategist
10/27/2017 | 3:20:25 PM
Re: Backup and Restore Protocols ONCE AGAIN
Right, the person I was replying to has deleted their posts so my reply may seem out of context but your comments about isolating systems is on piont, as well as your mention of prevention so the down time doesn't occur is the first place.
Dr.T
100%
0%
Dr.T,
User Rank: Ninja
10/27/2017 | 1:08:08 PM
Kaspersky
Obviously Kaspersky is in the new lately a lot. They may be in a real trouble now.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/27/2017 | 1:16:46 PM
Adobe Flash installer?
 

"No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer."

Does anybody still install Adobe Flash installer? I though it is already dead. I guess will see it for a while.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
10/27/2017 | 1:27:53 PM
Re: Adobe Flash installer?
Flash just won't die. =/
Mr Phen375
50%
50%
Mr Phen375,
User Rank: Apprentice
10/28/2017 | 1:52:47 AM
The person behind
Anyone knows who is behind "Bad Rabbit" Ransomware?
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
10/30/2017 | 7:39:38 AM
Re: The person behind
Group IB out of Russia says it's "highly likely" the attackers behind Bad Rabbit are the same ones who launched NotPetya in June of 2017 against Ukraine energy, financial, and telecommunciations organizations.


DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18934
PUBLISHED: 2019-11-19
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
CVE-2012-6070
PUBLISHED: 2019-11-19
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.
CVE-2012-6071
PUBLISHED: 2019-11-19
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
CVE-2012-6135
PUBLISHED: 2019-11-19
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
CVE-2016-10002
PUBLISHED: 2019-11-19
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.