On Tuesday, 24 October 2017, a new ransomware strain was let loose on the Internet. Known as Bad Rabbit, it appears to share characteristics with the infamous NotPetya ransomware.
Victims of Bad Rabbit
Organizations in Russia and Ukraine were the initial casualties of this ransomware – they include Ukraine’s Ministry of Infrastructure, Kiev’s public transportation system and the Russian news service Interfax. By Tuesday evening, the infection had reportedly spread to Turkey and Germany. There were alerts from Bulgaria, Japan, Poland, South Korea, and the United States as well.
How the infection started
Bad Rabbit ransomware appears to have infected its victims by posing as a bogus Adobe Flash installer on compromised news and media websites in Russia.
After infecting the first machine in a network, Bad Rabbit digs out login credentials stored on the machine and uses them to burrow into other machines in the network. Thereafter, it begins encrypting files (Windows Office, image, video, audio, email, etc.) before posting its ransom note. Bad Rabbit demands a ransom of 0.05 bitcoin (about $280 at the current exchange rate).
How to stay safe
Quick Heal successfully detects Bad Rabbit as follows:
Quick Heal Security Labs has presented a detailed analysis of how this ransomware works. You can go through it here.