Bad Rabbit malware raises fears of third global ransomware attack

A ransomware attack that has commonalities with WannaCry NotPeya is reportedly hitting organisations in Russia, Ukraine, Turkey, Bulgaria and Germany.

Five months after the WannaCry and four months after the NotPetya global attacks, a new variant dubbed Bad Rabbit has reportedly hit almost 200 targets, including media organisations, an airport and an underground railway.

Most attacks to date have been reported in Russia, where Bad Rabbit is encrypting computers and demanding 0.05 bitcoins, equivalent to £210 or $277, raising fears of a third global ransomware attack.

Just as NotPetya spread by hijacking the updating mechanism of the MeDoc Ukrainian accounting software, Bad Rabbit appears to be spreading through a bogus Adobe Flash update, according to security firm Eset.

Russian security firm Kaspersky Lab reports that the attack does not use exploits, but is a drive-by attack, meaning victims download a fake Adobe Flash installer from infected websites and manually launch the .exe file, infecting themselves.

Bad Rabbit appears to be a targeted attack against corporate networks, said Kaspersky Lab, using methods similar to those used in the ExPetr (also known as NotPetya) attack.

Like WannaCry and NotPetya, Bad Rabbit appears to be mainly aimed at causing disruption and is reportedly using the Microsoft Windows server message block (SMB) protocol, but in a different way, and uses an algorithm very similar to one found in the NotPetya code.

Continue reading…