MANILA, Philippines – A new ransomware attack is making its way across Russia, Ukraine, and other parts of Eastern Europe, security researchers explained on Wednesday, October 25.

The ransomware, called “Bad Rabbit,” has affected a number of countries, including Russia, Ukraine, Bulgaria, Germany, Turkey, and Japan.

According to a brief from online threat intelligence firm Group-IB, Bad Rabbit has “affected computers and servers of the Kiev metro, the Ministry of Infrastructure, and Odessa International Airport, as well as a number of state organizations in the Russian Federation. Victims in the Russian Federation included Federal news sites and commercial organizations.”

#BadRabbit #cryptor attacked a number of Russia’s major media. @interfax_news pic.twitter.com/5iLNs131Ml

— Group-IB (@GroupIB_GIB) October 24, 2017

Motherboard added the ransomware tells victims to log into a Tor hidden service website to pay a ransom of 0.05 bitcoin, which is valued at around $280. The site also sets up a time limit to pay the ransom, increasing the ransom amount asked for if it isn’t met before the countdown ends.

Researchers at Proofpoint and Kaspersky said the ransomware was spread using a fake Adobe Flash Player installer distrbuted as a trap in compromised legitimate sites. 

Kaspersky’s report also noted the booby-trapped websites “were news or media websites.” – Rappler.com