According to the latest reports recently, the security researchers from various well-known security firms have discovered that the well-known and severe threat BadRabbit ransomware has decided to avoid this Antivirus.
BadRabbit Ransomware Decided To Avoid This Antivirus
In TechViral we already informed you last October about the presence of this threat on the Internet. Its activity has been increased, especially by the arrival of the Christmas period. Security experts have discovered an aspect less curious of this threat: BadRabbit is able to avoid the protection offered by the security tools of the Russian company Dr. Web.
In this case, when we talk about avoiding, the result is not satisfactory for the threat.
Security experts have applied reverse engineering to one of the executables of this threat. During the analysis, they discovered that if the team executes any of the 4 processes related to the security tools of the Russian firm, its flow stops. Or what is the same, do not try to do anything, or encrypt the information located on the computer or extend to other network equipment. In addition to the FireEye security company, it has also been confirmed by Cylance. However, the motive that has led the owners of this threat to carry out this programming is not known with certainty.
From Dr. Web, they have also wanted to keep up with this behaviour. Indicate that it is true that at the moment of detecting one of the products in the system the “normal” operation of the threat stops. They indicate that the owners of BadRabbit “are afraid” of the products of the firm. The reality is that, from Dr. Web, they have managed to put an end to several malware attacks.
BadRabbit is very dangerous
For all those who do not know what we are talking about, the threat, once it reaches the computer, the first thing it is looking for is the encryption of the MBR of the disk. This makes the starting of the equipment impossible.
From Dr. Web indicate that, when the Windows computer is still starting the processes of the system, it has been detected that on some occasions the encryption has begun at that early stage. Or what is the same, when the processes of the security tool of the Russian firm have not yet begun.
It is not the only family of safety products that avoid this threat
Security experts indicate that abnormal behaviour also occurs in computers running Windows operating system and the presence of McAfee security solutions.
As in the previous case, after the reboot, the computer seeks to carry out the encryption of the disk information. What it does postpone is its expansion to other computers in the network.
Most of the equipment that is affected by BadRabbit is located in Eastern Europe, the United States and some areas of northern Europe. For the moment, our country is excluded from the area of dissemination of this threat. However, it is still early to know what will happen shortly.
We must remember that the threat appeared for the first time in the month of October. According to the analysis carried out by security experts, they indicate that the route of this ransomware is much longer.
So, what do you think about this? Simply share all your views and thoughts in the comment section below.