A new widespread ransomware attack called Bad Rabbit is spreading rapidly throughout Europe and has already affected over 200 major organizations, mainly in Russia, Ukraine, Turkey and Germany.
The "Bad Rabbit”(Translated as bad rabbit), behaves like Petya, targeting ransomware attacks against corporate networks, requiring 0.05 bitcoin casualties (about $ 285 dollars) as ransom to unlock their systems.
According to a first analysis provided by Kaspersky, ransomware was distributed through a drive, using a fake version of Adobe Flash Player to drive its victims into installing malicious software.
However, ESET security researchers have been detected Bad Rabbit as "Win32 / Diskcoder.D", a new variant of Petya ransomware, also known as Petrwrap, NotPetya, exPetr and GoldenEye.
Bad Rabbit ransomware uses DiskCryptor, an open source encryption software for the entire hard drive, to encrypt the infected computer files with RSA 2048 keys.
In the ransom note that leaves the ransomware, as you can see in the photo, it asks the victims to log in to a Tor website to make the payment. The message displays a countdown of 40 hours before the ransom price rises.
Hitherto affected organizations include the Russian news agencies Interfax and Fontanka, payment systems in the Kiev subway, Odessa International Airport and the Ministry of Infrastructure of Ukraine.
Researchers continue Bad Rabbit's analysis looking for a way to decipher computers without paying ransom but also how to stop further spreading.
Kaspersky proposes to disable WMI to prevent the spread of malicious software over your network.
Most ransomware attacks are done through phishing emails, malicious ads on websites and through third party applications. So you should always be careful when opening strangers' documents sent via an email or clicking on links in those documents.
Also, never download any third-party apps without reading the reviews.
We would suggest you read the comments even before installing apps from official stores. Always have a backup of your data through a routine that is set to copy to an external storage device that is not always connected to your computer. And of course, make sure you run a good, up-to-date and effective anti-virus program on your system.