First came the WannaCry and Petya outbreaks, and now Bad Rabbit. It is time to act and make sure that our infrastructure is protected. Security vendors have protections available, but we still need to use caution while using our systems.
The ransomware reaches unsuspecting users' computers through a fake Flash Player update notification served by a number of malicious or compromised websites. When users visit one of the compromised websites, they are redirected to another website that hosts the malicious file.
The malware also appears to use the EternalRomance exploit to propagate within the network. This exploit takes advantage of a vulnerability described in the Microsoft MS17-010 security bulletin, so we should make sure that we have the right Windows patches installed as well.
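One way to check hosts for the MS17-010 updates mentioned above, as an added example that is not part of the original post: it compares `Get-HotFix` output against the March 2017 KB numbers from the Microsoft bulletin. The function name `Test-Ms17010Patch` is made up for this example, and a host running a later cumulative update reports `NotFound` because that update replaces these KBs, so read `NotFound` as "verify", not "vulnerable".

```powershell
# Added example, not from the original post.
# KB numbers: the March 2017 updates listed in Microsoft security bulletin MS17-010.
$Ms17010Kbs = @(
    'KB4012598',               # Windows Vista / Server 2008
    'KB4012212', 'KB4012215',  # Windows 7 / Server 2008 R2
    'KB4012214', 'KB4012217',  # Windows Server 2012
    'KB4012213', 'KB4012216',  # Windows 8.1 / Server 2012 R2
    'KB4012606',               # Windows 10 (1507)
    'KB4013198',               # Windows 10 1511
    'KB4013429'                # Windows 10 1607 / Server 2016
)

# Hypothetical helper name; emits one result object per host.
function Test-Ms17010Patch {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    foreach ($computer in $ComputerName) {
        try {
            # Read the installed update list from the local or remote host.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
        }
        catch {
            # Unreachable host or access denied: report it instead of guessing.
            [pscustomobject]@{
                Computer = $computer; Status = 'QueryFailed'; Detail = $_.Exception.Message
            }
            continue
        }
        $hits = @($installed | Where-Object { $Ms17010Kbs -contains $_.HotFixID })
        if ($hits.Count -gt 0) {
            $status = 'Found'
            $detail = ($hits.HotFixID -join ', ')
        }
        else {
            # Later cumulative updates supersede these KBs, so this needs a manual check.
            $status = 'NotFound'
            $detail = "None of the March 2017 KBs among $($installed.Count) installed updates; check for a later cumulative update"
        }
        [pscustomobject]@{ Computer = $computer; Status = $status; Detail = $detail }
    }
}

# Check the local machine; pass -ComputerName with a list of hosts to check several.
Test-Ms17010Patch | Format-Table -AutoSize -Wrap
```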
Patching and hardening as a standard, scheduled practice helps avoid a hack in the first place.