Please note that Webroot customers are protected from the Bad Rabbit – malware that is affecting computers across some Eastern-European countries, as well as Russia, Ukraine and Japan.
Here is what we know about Bad Rabbit thus far:
- it is a well-made piece of malware that uses a lot of clever tricks to spread; in many aspects, it is similar to NotPetya, which affected customers across the globe this summer;
- it has been successful as it has worm-like behavior, using embedded usernames and passwords to move laterally through the network;
- attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors;
- When Bad Rabbit tries to restart your machine and encrypt data, Webroot SecureAnywhere, will prompt you with a warning about unauthorized Master Boot Record alternation. Webroot also blocks the files responsible for Bad Rabbit through the BrightCloud Threat Intelligence Platform.
Although Webroot customers are protected against Bad Rabbit, all users are recommended to maintain good cyber hygiene, including:
- limit Admin account usage to only employees who need it;
- don’t use easily guessable passwords;
- update Windows – Ransomware authors take advantage of unpatched systems;
- backup your data – Ransomware is crippled entirely if you have a backup copy of your data.