Bad Rabbit: New ransomware strikes computers in Eastern Europe and other countries


It has been dubbed Bad Rabbit, but this ransomware attack is potentially more costly than any swarm of killer bunnies your imagination could conjure up.

Malware experts suggest that the Bad Rabbit ransomware could soon spread across Europe.

In Ukraine, the computer systems of Odessa international airport (in the south) have been affected. Kiev's metro system reported a hack on its payment system but said trains were running normally.

Interfax, one of Russia's largest news agencies, said some of its services were hit by the attack but expected them to be back online by the end of Tuesday.

So what do we know about Bad Rabbit?

Russia's Interfax news agency reported on Twitter that a hacker attack has taken out some of its servers and forced it to rely on its Facebook account for the time being.

Kaspersky Security Network (KSN) describes it as a previously unknown ransomware family. The websites are carefully selected for compromise so that they will have the most direct reach to the ultimate targets with minimal collateral damage.

Bad Rabbit hit corporate networks in the Russian Federation and Ukraine especially hard, according to multiple reports, and there were isolated reports of infections in Turkey, Bulgaria, Japan, Germany, Poland, South Korea and the United States by Tuesday evening.

Russian computer forensics and incident response firm Group-IB, which was among the first to report on the outbreak, said the miscreants behind the outbreak were requesting 0.05 BTC ($286, £217) for decryption.

CERT-UA, the Computer Emergency Response Team of Ukraine, also posted the "possible start of a new wave of cyber attacks to Ukraine's information resources" as reports of Bad Rabbit infections started to come in.

According to Wisniewski, partners can play a key role in helping customers during such ransomware attacks. This is a fairly uncommon method of malware distribution. Cybercriminals look for insecure web sites and plant a malicious script into HTTP or PHP code on one of the pages.

Looking ahead, Palo Alto says because the initial attack vector is through bogus updates, Bad Rabbit attacks can be prevented by just getting Adobe Flash updates from the Adobe website.

Researchers also noticed that Bad Rabbit makes references to the popular fantasy drama series Game of Thrones, naming two scheduled tasks after dragons Drogon and Rhaegal, throwing in a reference to the third dragon Viserion and also the character Grayworm.
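For defenders, those task names are a quick triage signal. The following is an added example, not code from the researchers quoted here: it scans an exported scheduled-task listing (the CSV shape produced by `schtasks /query /fo csv /v`) for tasks named after the dragons mentioned above. The sample rows, host names and command paths are constructed, and matching on a name prefix rather than the exact name is an assumption made to catch suffixed variants.

```python
import csv
import io

# Task-name markers taken from the article's description of Bad Rabbit.
DRAGON_NAMES = ("drogon", "rhaegal", "viserion")

# Constructed sample shaped like `schtasks /query /fo csv /v` output,
# reduced to three columns. Commands are placeholders, not real IoCs.
SAMPLE_CSV = r'''"HostName","TaskName","Task To Run"
"WS-01","\Microsoft\Windows\Defrag\ScheduledDefrag","C:\placeholder\defrag.exe"
"HostName","TaskName","Task To Run"
"WS-01","\rhaegal","C:\placeholder\a.exe"
"WS-01","\Drogon","C:\placeholder\b.exe"
"WS-02","\Vendor\DragonUpdater","C:\placeholder\c.exe"
'''


def find_suspicious_tasks(csv_text):
    """Return (host, task name, command) for tasks named after the dragons."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        task = (row.get("TaskName") or "").strip()
        # Exports can repeat the header row per task folder; skip those.
        if not task or task == "TaskName":
            continue
        # Compare only the leaf name, case-insensitively, so that a task
        # hidden in a subfolder or written as "Drogon" is still caught.
        leaf = task.rsplit("\\", 1)[-1].lower()
        if leaf.startswith(DRAGON_NAMES):
            hits.append((row.get("HostName", ""), task, row.get("Task To Run", "")))
    return hits


if __name__ == "__main__":
    for host, task, command in find_suspicious_tasks(SAMPLE_CSV):
        print(f"{host}: suspicious task {task!r} runs {command!r}")
```

A hit is a reason to isolate the host and investigate, not proof of infection on its own; the unrelated `DragonUpdater` task in the sample is deliberately not flagged.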

What happens if you are infected?

For those who live under a rock, ransomware is a type of program that locks infected computers and asks victims to pay a ransom to restore access.
