I've created a table comparing the EternalPetya (ExPetr, NotPetya, etc.) outbreak from June, and the BadRabbit ransomware outbreak from yesterday (2017-10-24).
I have decided to not include WannaCry (WanaCrypt0r), as it is not related, while EternalPetya and BadRabbit do seem very closely related, or even developed by (a part of) the same people.
Use freely, as long as you include a link to the original source, which is this blog post.
Download the table / comparison sheet
Additionally, you may find this image as a handy spreadsheet (which you can also download in several formats) on Google Docs here:
EternalPetya_BadRabbit_Comparison
Note: this table or sheet will be updated continuously.
Purpose of BadRabbit?
Again, this makes you wonder about the actual purpose of ransomware, which you can read more about here: The purpose of ransomware
For BadRabbit in particular, it may be deployed as a cover-up or smokescreen, or for both disruption and extortion.
Prevention
As for any prevention advice, have a look at the following page I've set up:
Ransomware prevention
Disinfection and decryption
Unfortunately, decryption is likely not possible without the cybercriminal's private key.
You may be able to restore the MBR, or your files, if you catch the ransomware in the act and shut down the machine at that point. Reboot in safe mode and copy over or back up your files.
Then, restore the MBR and reinstall Windows.
You may also try to restore the MBR first, and subsequently attempt to restore files using Shadow Volume Copies. For example, a tool such as Shadow Explorer can be of assistance, or read the tutorial here.
If that doesn't work either, you may try using a data recovery program such as PhotoRec or Recuva.
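For the Shadow Volume Copies step above, the following PowerShell example (added here, not part of the original post) lists the shadow copies that still exist and exposes the newest one as a read-only folder so files can be copied out. The mount path `C:\ShadowMount` and the destination `E:\Recovered` are assumptions; run it from an elevated prompt and copy to a separate, clean drive.

```powershell
# Added example: enumerate Volume Shadow Copies and copy files out of the newest one.
# Assumptions: elevated PowerShell, E:\ is a separate clean drive, C:\ShadowMount is unused.

$mountPoint  = 'C:\ShadowMount'        # hypothetical mount path
$destination = 'E:\Recovered\Users'    # hypothetical recovery target

# Win32_ShadowCopy lists every snapshot the Volume Shadow Copy Service still holds.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy | Sort-Object InstallDate

if (-not $shadows) {
    # Nothing to restore from: fall back to a data recovery tool instead.
    Write-Warning 'No shadow copies found on this system.'
    return
}

# Show what is available, oldest first, so a snapshot from before the infection can be picked.
$shadows | Select-Object ID, VolumeName, InstallDate, DeviceObject | Format-Table -AutoSize

# Use the newest snapshot here; choose an older one if it was taken after the infection.
$latest = $shadows | Select-Object -Last 1

if (Test-Path $mountPoint) {
    Write-Warning "$mountPoint already exists; pick another mount path."
    return
}

# A directory symlink to the snapshot device exposes it as a read-only folder.
# The trailing backslash on the target is required.
$target = $latest.DeviceObject + '\'
cmd /c mklink /d $mountPoint $target | Out-Null

try {
    # Copy user profiles out of the snapshot. /XJ skips junctions to avoid loops,
    # /R:1 /W:1 keeps retries short on unreadable files.
    robocopy "$mountPoint\Users" $destination /E /COPY:DAT /R:1 /W:1 /XJ
}
finally {
    # Removes only the link, not the snapshot itself.
    cmd /c rmdir $mountPoint
}
```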
Any questions, comments or feedback, please do let me know in the comments section below, or send me a message on Twitter. See also my About me page for other contact details.