A new strain of ransomware is spreading across Europe at a fast enough pace to elicit anxious noises from security companies - and initial comparisons with NotPetya - with at least five countries reportedly affected so far.
The company says most victims are in Russia, and experts think the ransomware appears to have infected devices through hacked Russian media websites. A previous, widespread ransomware outbreak, dubbed both Petya and NotPetya, hit multiple targets in Ukraine in June, then infected entire companies around the globe, including shipping giant Maersk and the global pharmaceutical company Merck. Bad Rabbit is moving through networks in Russia, Turkey, and Bulgaria, locking down computers and asking for Bitcoin payment to regain access. Bad Rabbit infects Windows computers and relies exclusively on targets manually clicking on the installer, Kaspersky Lab said.
So far there haven't been any attacks seen in the UK.
Yesterday (24 October) security researchers began observing notifications of mass attacks that hit organisations and consumers in the Russian Federation and Ukraine.
The ransomware has been targeting organisations and consumers, mostly in the Russian Federation, but there have also been reports of victims in Ukraine, Turkey and Germany, according to the antivirus and internet security software company. Once infected, a system is used to spread the malware as a worm by trying network usernames and passwords taken from an internal dictionary.
Preliminary analysis indicates the malware is professionally developed and incorporates a variety of advanced measures designed to allow it to rapidly infect large government and corporate networks.
Unlike WannaCry and NotPetya, Bad Rabbit hasn't spread widely. Kaspersky Lab's blog post said the executable file dispci.exe appears to be derived from DiskCryptor and is being used by Bad Rabbit as the disk encryption module.
Steve Malone, director of security product management at Mimecast, says ransomware season is open again with the rise of Bad Rabbit.
Once Bad Rabbit infects a computer, it displays a message in orange letters on a black background.
Bad Rabbit encrypts the contents of a computer and promises to release the data for 0.05 bitcoins (about $276).
According to Wisniewski, partners can play a key role in helping customers during such ransomware attacks. The firm also blocks the known Internet distribution points with its web protection technology, and Sophos CryptoGuard stops the attack on any exposed endpoints using Sophos Intercept X. As with all forms of ransomware, paying the money is no guarantee of getting your data back. Microsoft has provided some useful guidance that network administrators can follow to protect their organizations against Bad Rabbit.