There is a new strain of ransomware called “Bad Rabbit” spreading like wildfire around Europe. According to reports, the ransomware has already affected over 200 major organizations, primarily in Russia, Ukraine, Turkey, and Germany, in the past few hours.
According to a number of cybersecurity groups, including Kaspersky Labs and researchers at ESET and Proofpoint, the ransomware was distributed via drive-by download attacks, using a fake Adobe Flash update to lure victims into unknowingly installing the malware.
Once their computers are infected with the ransomware, users are sent to a darknet site where the malware demands a ransom of 0.05 Bitcoin (about $281, £215, or AU$365) in order to regain access to their encrypted files. As ever, there is a time limit within which the user must pay; once it expires, the amount demanded increases. Victims are given around 40 hours to make the payment, according to a countdown displayed on the site.
Security company ESET said that, like NotPetya, which spread around the world earlier this year, Bad Rabbit is a variant of the Petya ransomware. However, Kaspersky Labs said in a post that it can’t yet confirm that Bad Rabbit is related to NotPetya, but that it did use similar methods.
Security firm Kaspersky’s research suggests this is an attack on corporate networks, and so far there have been reported cyber attacks on Russian media companies Interfax and Fontanka.ru. There have also been attacks on Ukraine’s Odessa airport, Kiev’s public transport system and Ukraine’s Ministry of Infrastructure. As of now, it’s unclear who is behind the attack.
Security experts always advise people against paying the ransom, because it encourages more attacks. Earlier, in May, the “WannaCry” ransomware attack forced hospitals, factories, and businesses around the world to shut down, while in June, NotPetya took down a number of Ukrainian government agencies and businesses, which could not access their critical computer systems.