I’ve created a table comparing the EternalPetya (ExPetr, NotPetya, etc.) outbreak from June, and the BadRabbit ransomware outbreak from yesterday (2017-10-24).
I have decided not to include WannaCry (WanaCrypt0r), as it is not related, while EternalPetya and BadRabbit do seem very closely related, or even developed by (a part of) the same people.
Use freely, as long as you include a link to the original source, which is this blog post.
Download the table / comparison sheet
Additionally, you may find this image as a handy spreadsheet (which you can also download in several formats) on Google Docs here:
Note: this table or sheet will be updated continuously.
Purpose of BadRabbit?
Again, this makes you wonder about the actual purpose of ransomware, which you can read more about here: The purpose of ransomware
For BadRabbit in particular, it may be deployed as a cover-up or smokescreen, or for both disruption and extortion.
As for any prevention advice, have a look at the following page I’ve set up:
Disinfection and decryption
Unfortunately, decryption is likely not possible without the cybercriminal’s private key.
You may also try to restore the MBR first, and subsequently attempt to restore files using Shadow Volume Copies. For example, a tool such as Shadow Explorer can be of assistance, or read the tutorial here.
This is a Security Bloggers Network syndicated blog post authored by Bart. Read the original post at: Blaze's Security Blog