The ransomware has been named Bad Rabbit by Kaspersky Lab though to be fair it seems that’s the name the creators of this malware gave to their weapon.
The ransomware has hit several Russian media outlets including Interfax and Fontanka news agencies according to Kaspersky Lab.
What is worrying about Bad Rabbit is that it doesn’t appear to use an exploit and instead delivers itself through a drive-by attack.
“Victims download a fake Adobe Flash installer from infected websites and manually launch the .exe file, thus infecting themselves,” wrote Kaspersky Lab.
The security firm says it has identified several websites that have been compromised, all of which are news outlets.
At the moment Bad Rabbit appears to be contained to Europe with attacks being registered in Ukraine, Germany, Russia and Turkey as well.
To add to the worries internet security firm Sophos says that Bad Rabbit might contain the same password stealing and spreading mechanism that ExPetr used.
“What makes this malware more dangerous than your typical ransomware being distributed in a similar manner is its ability to spread across an organization as a worm and not just through email attachments or vulnerable web plugins. It is rumored to contain the same password stealing and spreading mechanism as NotPetya, allowing it to traverse an enterprise and cripple it in no time,” Chester Wisniewski, principal research scientist at Sophos told us.
The criminals are demanding a ransomware 0.05 Bitcoin (~R3 804) but as of time of writing it is unclear if the files encrypted by Bad Rabbit can be decrypted.[Source – Kaspersky Lab] [Image – Kaspersky Lab]