ICT Security Notice: Bad Rabbit Ransomware

Potential Massive Intrusion and Malware Hosting on Malaysian Websites by Bad Rabbit Ransomware

Introduction
The National Cyber Coordination and Command Centre (NC4) has received information of a
possible massive intrusion and malware hosting targeting Malaysian websites.

Impact
Information loss, service disruption and compromised integrity of information.

Impacted Platforms
Relates to the Adobe Flash update

Brief Description
A new strain of ransomware nicknamed “Bad Rabbit” has been found spreading in Russia,
Ukraine, Turkey and Germany. The malware has affected systems at three Russian
websites, an airport in Ukraine and an underground railway in the capital city, Kiev.
The malware is still undetected by the majority of anti-virus programs, according to
analysis by virus-checking site VirusTotal. Many security firms have said that the malware
was distributed via a bogus Adobe Flash update. Bad Rabbit encrypts the contents of a
computer and asks for a payment – in this case 0.05 bitcoins, or about $280 (£213).

Recommendation:
Agencies and Security Operation Centres (SOCs) are required to take the following actions:

  1. Update your critical assets with the latest security patches and updates;
  2. Warn your users not to open or click on unsolicited emails and links, with or without
    attachments;
  3. Ensure that anti-virus/anti-malware signatures are up to date and functioning;
  4. Block or restrict access to all ports and services except for those that should be
    publicly available;
  5. Monitor your environment closely for any anomalies;
  6. Do not pay the ransom to the perpetrators;
  7. Do not install any suspicious Adobe Flash update;
  8. Block connections to the following websites:
    a) http://1dnscontrol[.]com/
  9. If you suspect that your servers have been compromised, reset all usernames
    and passwords; and
  10. Report any anomalies happening within your network and enterprise environment
    to NC4.
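
To support items 5 and 8, the following added example (not part of the original notice) refangs the indicator listed in item 8 and scans web proxy log lines for requests to that domain or any of its subdomains, matching on label boundaries so look-alike hosts are not flagged. The log layout, the sample lines and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Indicator exactly as published in item 8 of the notice (defanged).
ADVISORY_INDICATORS = ["http://1dnscontrol[.]com/"]

def refang_host(indicator):
    """Turn a defanged URL such as 'hxxp://a[.]b/' into a bare lowercase hostname."""
    url = indicator.replace("[.]", ".").replace("hxxp", "http", 1)
    return urlsplit(url).hostname.lower().rstrip(".")

BLOCKED = {refang_host(i) for i in ADVISORY_INDICATORS}

def is_blocked(host):
    """True for a blocked domain or any subdomain of it (label-boundary match only)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED)

def host_of(url):
    """Extract the hostname from a logged URL; CONNECT entries log 'host:port'."""
    if "://" not in url:
        url = "//" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""

def find_hits(log_lines):
    """Return (client_ip, host) per hit; assumed layout: '<time> <client_ip> <method> <url> <status>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        host = host_of(fields[3])
        if is_blocked(host):
            hits.append((fields[1], host))
    return hits

# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = [
    "2000-01-01T08:01:12Z 10.0.4.17 GET http://1dnscontrol.com/ 200",
    "2000-01-01T08:01:15Z 10.0.4.22 GET http://www.1dnscontrol.com./index 200",
    "2000-01-01T08:02:03Z 10.0.7.9 CONNECT 1DNSControl.com:443 200",
    "2000-01-01T08:02:40Z 10.0.4.30 GET http://not1dnscontrol.com/ 200",
    "2000-01-01T08:03:11Z 10.0.4.31 GET http://1dnscontrol.com.example.org/ 200",
    "2000-01-01T08:03:30Z 10.0.4.32 GET http://example.org/?u=1dnscontrol.com 200",
    "truncated line",
]
```

Calling `find_hits(SAMPLE_LOG)` returns the three client addresses that reached the blocked domain; the look-alike hosts and the query-string mention are ignored.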