'Bad Rabbit' ransomware hits multiple countries in large-scale cyberattack

BAD RABBIT. Screenshot of Bad Rabbit countdown timer from https://www.group-ib.com/blog/badrabbit

MANILA, Philippines – A new ransomware attack is making its way across Russia, Ukraine, and other parts of Eastern Europe, security researchers explained on Wednesday, October 25.

The ransomware, called "Bad Rabbit," has affected a number of countries, including Russia, Ukraine, Bulgaria, Germany, Turkey, and Japan.

According to a brief from online threat intelligence firm Group-IB, Bad Rabbit has "affected computers and servers of the Kiev metro, the Ministry of Infrastructure, and Odessa International Airport, as well as a number of state organizations in the Russian Federation. Victims in the Russian Federation included Federal news sites and commercial organizations."

#BadRabbit #cryptor attacked a number of Russia's major media. @interfax_news pic.twitter.com/5iLNs131Ml

— Group-IB (@GroupIB_GIB) October 24, 2017

Motherboard added the ransomware tells victims to log into a Tor hidden service website to pay a ransom of 0.05 bitcoin, which is valued at around $280. The site also sets up a time limit to pay the ransom, increasing the ransom amount asked for if it isn't met before the countdown ends.

COUNTDOWN TIMER. The BadRabbit ransomware countdown timer. Screenshot from Group-IB brief on BadRabbit at https://www.group-ib.com/blog/badrabbit

Researchers at Proofpoint and Kaspersky said the ransomware was spread using a fake Adobe Flash Player installer distrbuted as a trap in compromised legitimate sites.

Kaspersky's report also noted the booby-trapped websites "were news or media websites." – Rappler.com