How to recover files encrypted by BadRabbit ransomware?

Researchers at Kaspersky Lab have discovered that some victims may be able to recover their files without paying any ransom. The discovery was made by analyzing the encryption functionality implemented by the ransomware: Bad Rabbit leverages the open source library DiskCryptor in order to encrypt the user files, but uses the same screen…

BadRabbit ransomware: suggested readings

Spreads via network, currently hits Russia, Ukraine, Germany, Japan, and Turkey

A variant of Petya/NotPetya/EternalPetya called BadRabbit and probably prepared by the same authors has infected several big Russian media outlets. BadRabbit uses SMB to propagate laterally with a hardcoded list of usernames and passwords. However, unlike NotPetya, it doesn’t use EternalBlue. Below some suggested…

How to verify that the WannaCry patch is correctly installed

In a big company with a lot of Windows systems, checking that the WannaCry patch is correctly installed can be a little tricky. Security update MS17-010 addresses several vulnerabilities in Windows SMB v1 exploited by the WannaCrypt ransomware. However, the KB that contains that update differs between Windows versions, and sometimes it could be included into service…