It is widely known that Ransomware viruses are one of the nastiest forms of malware: landing one of these noxious programs often means that you will either have to make a ransom payment to the hacker who has invaded your PC or be left with your computer or personal files locked up by the virus. The good news is that not all Ransomware viruses manage to get distributed to a lot of PCs. The bad news is that yesterday a new Ransomware outbreak began, and in a relatively short amount of time it has managed to infect a very large number of computers.
The name of this new malware threat is Bad Rabbit. Most infected machines are in Eastern Europe: countries like Russia, Bulgaria, Ukraine and Turkey got hit the hardest. One thing to note about these recent infections is that the victims are not only regular users; the PC networks of a number of Eastern European organizations have been attacked as well, for example the subway system in the city of Kiev (Ukraine), the Odessa airport (Ukraine) and the Ukrainian Ministry of Infrastructure. Several Russian news agencies have also fallen prey to Bad Rabbit. During 2017, two similar instances of rapidly spreading Ransomware viruses occurred: the WannaCry and the NotPetya Ransomware outbreaks.
If you need help removing Bad Rabbit, we have a removal guide prepared for you.
Hacked websites spread the virus via fake Flash updates
The main method used to spread the Bad Rabbit infection is fake Flash update prompts: legitimate websites that have been hacked redirect their visitors to the fake updates. Once the user gets tricked into downloading and installing such an update, the virus infects the computer. However, as revealed by security researchers at ESET and Proofpoint, the virus also uses a secondary distribution method through which it is able to spread to computers that are connected to the same network as an already infected system. This is most likely what has allowed the Ransomware to infect such a large number of machines in the short period of time that has passed since its release.
How does Bad Rabbit work?
Bad Rabbit is a rather sophisticated piece of Ransomware that locks both your PC and your data. Once the infection begins, the malware first encrypts your personal data files in order to make them inaccessible without a special decryption key. However, instead of stopping there, the virus then moves on to modify your computer’s MBR (Master Boot Record). As a result, the next time your machine gets restarted, it does not boot into Windows as it normally would. Instead, once your computer starts, a ransom note lockscreen that cannot be bypassed gets displayed on your monitor. This basically means that you won’t be able to use your PC at all until the lockscreen gets removed.
The lockscreen ransom note created by Bad Rabbit and the way it restricts the access to the PC is reminiscent of the Petya and NotPetya Ransomware. However, the researchers at the software security company Intezer point out that only a small percentage of the code in Bad Rabbit (≈ 13%) has been reused from the NotPetya virus.
The ransom demand
The lockscreen ransom note contains a message to the owner of the attacked PC. As stated in the note, if the malware’s victim wants to regain access to their PC and files, they need to make a ransom payment to the hacker. Instructions on how to make the transfer are provided inside the message. The demanded sum is 0.05 BitCoin or about 280 USD. There is also a timer that counts down 40 hours, which is the deadline given to the user to pay the money. Once the time expires, the demanded sum is said to go up.
Apart from encrypting your data files and modifying the MBR of the computer, Bad Rabbit carries out an additional task once everything else has been set up. Once the Ransomware has done its job and is ready to begin the blackmailing, it automatically triggers a PC restart so that your machine gets locked as soon as it begins to boot up.
You must stay protected!
There is still a lot that isn’t known about this new and highly dangerous piece of malware. Security experts are doing their best to reveal more information about the hazardous Ransomware threat that is Bad Rabbit but so far, the chances of landing such a virus and managing to deal with it without actually paying the demanded money are rather low. Therefore, we strongly advise our readers to take the necessary precautions so that their machines do not get infected by this Ransomware. Be very vigilant every time you go online and be on the lookout for any questionable and unexpected Flash updates or any other fishy-looking web content so that you can avoid any interaction with it.