'Bad Rabbit' ransomware hits multiple countries in large-scale cyberattack

MANILA, Philippines – A new ransomware attack is making its way across Russia, Ukraine, and other parts of Eastern Europe, security researchers explained on Wednesday, October 25.

The ransomware, called "Bad Rabbit," has affected a number of countries, including Russia, Ukraine, Bulgaria, Germany, Turkey, and Japan.

According to a brief from online threat intelligence firm Group-IB, Bad Rabbit has "affected computers and servers of the Kiev metro, the Ministry of Infrastructure, and Odessa International Airport, as well as a number of state organizations in the Russian Federation. Victims in the Russian Federation included Federal news sites and commercial organizations."

#BadRabbit #cryptor attacked a number of Russia's major media. @interfax_news pic.twitter.com/5iLNs131Ml — Group-IB (@GroupIB_GIB) October 24, 2017


Motherboard added the ransomware tells victims to log into a Tor hidden service website to pay a ransom of 0.05 bitcoin, which is valued at around $280. The site also sets up a time limit to pay the ransom, increasing the ransom amount asked for if it isn't met before the countdown ends.

COUNTDOWN TIMER. The BadRabbit ransomware countdown timer. Screenshot from Group-IB brief on BadRabbit at https://www.group-ib.


Researchers at Proofpoint and Kaspersky said the ransomware was spread using a fake Adobe Flash Player installer distrbuted as a trap in compromised legitimate sites. 

Kaspersky's report also noted the booby-trapped websites "were news or media websites." – Rappler.com

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.