BadRabbit: New strain of ransomware hits Russia and Ukraine
A new strain of ransomware called BadRabbit (Ransom.BadRabbit) began spreading recently, 24 October 2017. BadRabbit is self-propagating, and can spread across corporate networks,
therefore Symantec is advising organisations to be particularly vigilant.
Key information is detailed below however you can read the full blog post here.
• BadRabbit has many similarities to the Petya. Both malware families use a similar style of ransom note and
employ a self-propagating spreading mechanism. Both threats also contain a component that targets the master boot record
(MBR) of an infected computer, overwriting the existing MBR.
• BadRabbit demands a ransom of 0.05 Bitcoin (approximately NZ$406.00).
• It uses tools that reduces the amount of detectable suspicious activity on an infected computer – making it
harder to identify.
• The initial infection method is through drive-by downloads on compromised websites. The malware is disguised as
a fake update to Adobe Flash Player.
• Most infection attempts have occurred in Russia however a small number of infection attempts have been logged in
other countries.