النسخة العربية

Oman National CERT Towards a safe cyber environment

The 7th Regional Cybersecurity Summit

The 7th Regional Cybersecurity Summit

ITU-ARCC is organizing The 7th Regional Cybersecurity Summit which is kindly hosted by CITRA Kuwait on 21- 22 October 2018.

View
The 6th Arab Regional Cyber Drill

The 6th Arab Regional Cyber Drill

ITU-ARCC is organizing the 6th Arab Regional Cyber Drill (ALERT) for the Arab Region ,Kuwait (CITRA) from 23-25 October 2018.

View
Oman Threat Hunter 2018

Oman Threat Hunter 2018

“THREAT HUNTER” a national competition that is organized by ITU-Arab Regional Cybersecurity Center (ITU-ARCC) in a partnership with Silensec ...

View
Guide Manual for Reporting Abuse Through Social Media

Guide Manual for Reporting Abuse Through Social Media

This guidance booklet is written to facilitate reporting abuse process through Social Media and afford easy, smooth, and clear way of guidance to report over social media correctly.

View
Cybersecurity Specialized Training Courses

Cybersecurity Specialized Training Courses

Oman National CERT in cooperation with the Arab Regional Cybersecurity Center (ARCC) is conducting a series of specialized training in cybersecurity hosted in Oman.

View

Media Center

Share it

Online Incidents Report
Request OCERT Services
Information Security Glossary

OCERT News

 

Bad Rabbit Ransomware

OCERT Latest News

26/Oct/2017


This is a Threat Notification and Alert Service (TNAS) from the Oman National CERT (OCERT). This is an advisory about a new type of Ransomware called (Bad Rabbit) which has been found spreading in Russia, Ukraine and elsewhere. The malware has affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev.

  • Severity: High
  • Date: October 25, 2017
  • Advisory Title: Bad Rabbit Ransomware

What is Bad Rabbit Ransomware? 
“Bad Rabbit “is a new type of ransomware malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. It spreads through redirecting victims to malware web resource from legitimate news websites. Where a victim downloads a fake Adobe Flash installer from infected websites and manually launch the .exe file.

Impact:
Once the Adobe Flash is downloaded, the virus will affect the machine and encrypt the files, then replaces the Master Boot Record (MBR). Files will not be decrypted unless you pay the ransom.

Recommendations:
  • Ensure that the firewall and other security devices are up to date.
  • Keep your operating system Up-to-date.
  • Keep your Antivirus software up-to-date.
  • Backup Regularly: To always have a tight grip on all your important files and documents, keep a good backup routine in place that makes their copies to an external storage device that is not always connected to your PC.
  • Beware of web Phishing: Always be suspicious to download contents from untrusted websites and never click on links inside those websites unless verifying the source.
References:


  • News Archive