Bad Rabbit is the latest ransomware currently ravaging Russian computer networks


Russian companies are under attack from a new ransomware variant dubbed Bad Rabbit.

Spread via infected web pages belonging to Russian media, the malware has already hit hundreds of targets in Russia, Ukraine, Eastern Europe and even Turkey.

This included taking down Interfax, the Russian news agency, and the Odessa airport in Ukraine.

“According to our data, most of the victims targeted by these attacks are located in Russia. We have also seen similar but fewer attacks in Ukraine, Turkey and Germany. This ransomware infects devices through a number of hacked Russian media websites,” said Kaspersky Lab’s Vyacheslav Zakorzhevsky, the head of the anti-malware research team, in a statement. “Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the ExPetr [NotPetya] attack. However, we cannot confirm it is related to [NotPetya].”

Those struck have important data files encrypted and are asked to pay 0.05 bitcoins (around $282) via a Tor hidden service, with the price rising if payment is not made within 40 hours.

Currently, very few antivirus companies detect Bad Rabbit, which is delivered via a fake Adobe Flash update that may be signed and that has to be manually executed by the victim. Like WannaCry, however, it also spreads laterally within networks, here by brute-forcing common network passwords, so a single careless person could put a whole company at risk.

Numerous antivirus companies are, however, gearing up to defend against the attack, though it remains to be seen whether the infection, which has spread as far as Germany, can be fully contained. This includes Microsoft’s Malware Protection Centre, which is actively investigating the outbreak.

Windows Defender is one of the tools which can detect the infection.

Hopefully, remediation following the WannaCry scare earlier this year will mean there are now far fewer vulnerable PCs than before. Microsoft’s most consistent advice has always been to keep PCs updated to the latest version of all software, which should include the latest multi-layered security and mitigation technologies.
