BadRabbit Ransomware Attack and Trend Micro Security Protection

  • Solution ID: 1118640
  • Last Updated: Oct. 26, 2017 5:50 AM (PST)
  • Applies to: Antivirus+ Security - 2018;Internet Security - 2018;Maximum Security - 2018;Premium Security - 2018;
  • BadRabbit Ransomware | Trend Micro Security

Trend Micro is aware of and is currently investigating the recent ransomware outbreak in the Ukraine, Russia, and other countries.

Early analysis indicates that this ransomware might have similar propagation techniques as the Petya ransomware family.

Media outlets have dubbed this attack as "BadRabbit".

We assure you that the latest version of Trend Micro Security provides effective protection against this ransomware attack.

Note: Get the latest information about Trend Micro protection against BadRabbit ransomware attack here.


Summary

BadRabbit has been reported to might have spread through the following scenarios:

  • Fake Flash updates
  • Incorporates itself through the use of Mimikatz, an open source tool that extracts plaintext passwords, hash, PIN code and kerberos tickets from memory, to extract credentials, and using a list of common hard-coded credentials such as Admin, Guest, User, root, etc.
  • Uses a legitimate tool, DiskCryptor, an open source full disk encryption system, which allows encryption of the computer's entire hard drive or individual partitions, for encryption of victim's systems
Solution

Here are the steps to make sure you are protected from BadRabbit:

  1. Make sure you are using the latest version of Trend Micro Security to stay safe from BadRabbit ransomware.
    You can check here if you already have the latest version or follow instructions here to upgrade Trend Micro Security to the latest version.

    Read: How Can Trend Micro Security protect me from Ransomware?

  2. Make sure your Trend Micro Security has the latest Security and Program updates. You can check here to manually update your Trend Micro Security.