Skip to main content

Bad Rabbit Attack

By November 7, 2017May 14th, 2019News

No, this is not the rabbit from Monty Python and the Holy Grail, this is a new cyber-attack. At the time of writing this article the attack has hit Russia, the Ukraine, and parts of Europe,  and is even starting to spread into the US.

The Bad Rabbit ransomware is spread by way of drive-by downloads on infected websites. There are no exploits being used for this. It is disguised as a Flash update, where you are prompted to install an update, but instead are given a malicious file.

Users who get infected are prompted with a screen to pay within the first 40 hours otherwise the price will go up. The starting demand is 0.05 bitcoin which ends up being about $285.  However, there are more troubling things about this ransomware…

If this ransom note looks familiar it is because it is based on the Petya/Not Petya ransomware that took the world by storm over the summer. The ransomware is able to move laterally across an infected network too, so it is not confined to just the original infected machine. Initially it was reported that the ransomware was coming from media organizations and infrastructure in Russia and the Ukraine, but it has since spread to other countries as well.

Avast created a map of BadRabbit attacks to show you its reach:

At this time it is unknown who is behind it, it is suspected that the creator could have also been behind the NotPetya attack from the summer, but as always victims are encouraged not to pay. If you are searching the web always be wary of anything that might appear not quite right. When it comes to downloads, it is always better to go directly to the software’s website directly for updates if you are unsure.