A new widespread ransomware attack called Bad Rabbit is spreading rapidly throughout Europe and has already affected over 200 major organizations, mainly in Russia, Ukraine, Turkey and Germany.
The "Bad Rabbit”(Translated as bad rabbit), behaves like Petya, carrying out targeted ransomware attacks against corporate networks, demanding victims 0.05 bitcoin (about $285 dollars) as ransom to unlock their systems.
According to an initial analysis provided by Kaspersky, the ransomware was distributed via a drive using a fake Adobe installation version Flash Player to trick its victims into installing the malware.
However, ESET security researchers have been detected Bad Rabbit as "Win32 / Diskcoder.D", a new variant of Petya ransomware, also known as Petrwrap, NotPetya, exPetr and GoldenEye.
Bad Rabbit ransomware uses DiskCryptor, an open source encryption software for the entire hard drive, to encrypt the infected computer files with RSA 2048 keys.
In the ransom note that leaves the ransomware, as you can see in the photo, it asks the victims to log in to a Tor website to make the payment. The message displays a countdown of 40 hours before the ransom price rises.
Hitherto affected organizations include the Russian news agencies Interfax and Fontanka, payment systems in the Kiev subway, Odessa International Airport and the Ministry of Infrastructure of Ukraine.
Researchers continue Bad Rabbit's analysis looking for a way to decipher computers without paying ransom but also how to stop further spreading.
Kaspersky proposes to disable WMI to prevent the spread of malicious software over your network.
Most ransomware attacks are done through phishing emails, malicious ads on websites and through third party applications. So you should always be careful when opening strangers' documents sent via an email or clicking on links in those documents.
Also, never download any application from third-party sources, without reading the relevant comments.
We would suggest reading reviews even before installing apps from official stores. Always have a backup of your data, through a routine that will be configured to create copies on an external storage device, which is not always connected to your computer. And of course, make sure you're running a good, up-to-date and efficient one program antivirus on your system.
