Yesterday, a newly released Ransomware virus was reported, and although it hasn’t been around for long, it has already infected a significant number of computers. The name of the Ransomware is Bad Rabbit and most of its victims are in Eastern Europe. So far, the virus has attacked computers in Russia, Bulgaria, Ukraine and Turkey – the number of infections is rapidly going up at the time of writing.
Some of the more notable victims of this virus are the Kiev subway network and the Odessa airport in Ukraine, the Ukrainian Ministry of Infrastructure, and several Russian news agencies such as Fontanka and Interfax. The Ransomware seems to have spread very quickly. The speed and scale of this attack are reminiscent of two other Ransomware outbreaks earlier this year, namely those of the WannaCry and NotPetya viruses, which occurred in May and June respectively.
Distribution of Bad Rabbit
Bad Rabbit is primarily distributed through fake Flash updates, to which users are redirected from legitimate websites that have been hacked by the cyber criminals. Additionally, the malware seems to be able to spread itself to other computers connected to an already infected machine, which is likely one of the reasons behind the rapidly increasing number of infiltrated PCs during the last 24 hours.
Users are advised to be careful if a Flash update request suddenly pops up on their screen out of the blue. Avoiding such suspicious updates is essential, as the Bad Rabbit virus is currently highly active and claiming new victims by the minute. As reported by Kaspersky, the majority of the hacked sites that redirect to the fake Flash update, which downloads the Ransomware, are news websites.
PC and data lockdown
Bad Rabbit seems to be a sophisticated virus that combines two types of Ransomware activity, which makes an infection significantly more difficult to deal with. The virus locks both the user’s personal files and access to the computer itself, the latter by replacing the Master Boot Record (MBR). In layman’s terms, this means that if your PC gets infected with Bad Rabbit, the virus will first encrypt your files and then restart your PC. Once the computer restarts, however, it won’t boot into Windows. Instead, a ransom-demanding note will be displayed on your screen and your machine will not be allowed to load into Windows. This boot-time ransom note lockscreen is similar to the way two other notorious Ransomware viruses have been known to operate – Petya and NotPetya.
Once displayed, the ransom-demanding note states that unless you make a payment of 0.05 Bitcoin (approximately 280 USD), your PC and your files will stay locked for good. To make things even worse for the user, the Ransomware gives a deadline of 40 hours – if the payment isn’t made within this time period, the requested ransom sum will be increased.
In addition to the PC lockdown, as we already mentioned, the user’s files also get encrypted, which makes them inaccessible without the decryption key. This means that even if the victim somehow manages to get past the ransom note and load their PC into Windows, their documents would still be locked by the virus. Something unusual about the file encryption is that the extension of the file doesn’t get changed after the process is finished.
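Because the extension stays the same, a check that only looks for renamed files will miss this encryption. The sketch below is an added example, not code from the original article: it flags files whose leading bytes no longer match the signature their extension implies and whose content is close to random. It assumes the encryption overwrites the start of the file, which the article does not state, and all sample data is constructed.

```python
import hashlib
import math
from collections import Counter

# Well-known leading signatures ("magic bytes") for a few document types.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assess(name: str, data: bytes, threshold: float = 7.5) -> str:
    """Return 'ok', 'mismatch' (wrong header, not random) or 'suspect'."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    random_looking = shannon_entropy(data[:4096]) >= threshold
    magic = MAGIC.get(ext)
    if magic is None:
        # No signature known for this type: entropy is the only signal.
        return "suspect" if random_looking else "ok"
    if data.startswith(magic):
        return "ok"
    return "suspect" if random_looking else "mismatch"

def constructed_noise(size: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed test data)."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(size // 32 + 1))
    return out[:size]

# Constructed samples: same file names, intact versus scrambled content.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n" + b"quarterly figures " * 200,
    "notes.txt": b"meeting notes\n" * 300,
    "locked/report.pdf": constructed_noise(4096),
    "locked/notes.txt": constructed_noise(4096),
}

def flagged(samples: dict) -> list:
    return sorted(n for n, d in samples.items() if assess(n, d) == "suspect")

if __name__ == "__main__":
    print(flagged(SAMPLES))
```

Compressed or media files of types missing from the signature table are also high-entropy, so extend the table before running this over real data.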
Once the virus has finished locking up your files and installing the replacement MBR, it automatically executes two scheduled tasks that reboot your PC so that it loads into the ransom-note lockscreen. One peculiar thing that researchers have pointed out regarding the code of the virus is that it contains a lot of references to the Game of Thrones TV series – many of the virus’ tasks seem to have been named after characters from Game of Thrones. In fact, this isn’t the first instance of a virus program referencing the popular HBO TV series.
You must stay protected!
Apparently, Bad Rabbit is one of those highly advanced pieces of Ransomware into which the hackers who created it have put a lot of work. Currently, it is rather unlikely that a regular user would manage to handle such a threat. Even though experts are working on solutions to this piece of malware, at this moment it is simply best to minimize the chances of ever getting your PC infected by it. Therefore, be sure to stay safe on the Internet and keep an eye out for any questionable Flash update requests as well as other shady web content. We will make sure to keep our readers updated on any new information that is made available regarding this nasty new virus.