Wednesday, October 25, 2017

Bad Rabbit: Ten things you need to know about the latest ransomware outbreak



It's the third major outbreak of the year - here's what we know so far.
By Danny Palmer | October 25, 2017

A new ransomware campaign has hit a number of high profile targets in Russia and Eastern Europe.

Dubbed Bad Rabbit, the ransomware first started infecting systems on Tuesday 24 October, and the way in which organisations appear to have been hit simultaneously immediately drew comparisons to this year's WannaCry and Petya epidemics.

Following the initial outbreak, there was some confusion about what exactly Bad Rabbit is. Now that the initial panic has died down, however, it's possible to dig into what exactly is going on.

1. The cyber-attack has hit organisations across Russia and Eastern Europe

Organisations across Russia and Ukraine -- as well as a small number in Germany and Turkey -- have fallen victim to the ransomware. Researchers at Avast say they've also detected the malware in Poland and South Korea.

•••••

2. It's definitely ransomware

Those unfortunate enough to fall victim to the attack quickly realised what had happened because the ransomware isn't subtle -- it presents victims with a ransom note telling them their files are "no longer accessible" and "no one will be able to recover them without our decryption service".

Victims are directed to a Tor payment page and are presented with a countdown timer. Pay within the first 40 hours or so, they're told, and the payment for decrypting files is 0.05 bitcoin -- around $285. Those who don't pay the ransom before the timer reaches zero are told the fee will go up and they'll have to pay more.

•••••

4. It spreads via a fake Flash update on compromised websites

The main way Bad Rabbit spreads is drive-by downloads on hacked websites. No exploits are used; rather, visitors to compromised websites -- some of which have been compromised since June -- are told that they need to install a Flash update. Of course, this is no Flash update, but a dropper for the malicious install.

•••••

10. You can protect yourself against becoming infected by it

At this stage, it's unknown if it's possible to decrypt files locked by Bad Rabbit without giving in and paying the ransom - although researchers say that those who fall victim shouldn't pay the fee, as it will only encourage the growth of ransomware.

A number of security vendors say their products protect against Bad Rabbit. But for those who want to be sure they don't potentially fall victim to the attack, Kaspersky Lab says users can block the execution of the files 'c:\windows\infpub.dat' and 'C:\Windows\cscc.dat' in order to prevent infection.
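One way to apply that block on a single Windows host is sketched below. This is an added example, not code from the article or from Kaspersky Lab; creating empty placeholder files and using NTFS deny entries (rather than a vendor product or an application-control policy) is an assumption of the sketch, as is also denying write access so the placeholders cannot be overwritten.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article or Kaspersky Lab.
# Assumption: "blocking execution" is implemented with NTFS deny ACEs on placeholder files.

$targets  = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'   # paths named in the article
$everyone = '*S-1-1-0'                                        # well-known SID: Everyone

foreach ($path in $targets) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $existing = Get-Item -LiteralPath $path -Force
        if ($existing.Length -gt 0) {
            # A non-empty file here was not created by this script: leave it for triage.
            Write-Warning "$path already exists ($($existing.Length) bytes); investigate before changing it."
            continue
        }
    }
    else {
        # Empty placeholder so the deny ACEs have a file to attach to.
        New-Item -ItemType File -Path $path | Out-Null
    }

    # Drop inherited ACEs, then deny execute (X), write (WD) and append (AD) to Everyone.
    & icacls.exe $path /inheritance:r /deny "${everyone}:(X,WD,AD)" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Error "icacls failed on $path (exit code $LASTEXITCODE)"
        continue
    }

    # Print the resulting ACL so the change can be verified.
    & icacls.exe $path
}
```

To undo the change, run `icacls <path> /reset` on each placeholder to restore the default inherited ACL, then delete the file.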
