What is BadRabbit Ransomware?

This new ransomware seems to be a variation of Petya with a similar lockout screen. As of October 24, 2017, BadRabbit has hit Russia and Eastern Europe, but is expected to spread to other countries. The attackers are asking the victim to pay a ransom in bitcoins to recover their files. The ransomware will send the victim a message stating “their files are no longer accessible” and “no one will be able to recover them without our decryption service.”

BadRabbit Screen Lock


Image: Malwarebytes

Sample BadRabbit Payment Page

Image: Malwarebytes

The victim needs to be on an infected website; while on that website, they are prompted to perform an Adobe® Flash Player update.

Sample asking to install Adobe® Flash Update

Image: Malwarebytes

 

Protect yourself against BadRabbit by making sure your network and any device connected to the network are up to date. Companies that have Malwarebytes for Windows, Malwarebytes Endpoint Protection, and Malwarebytes Endpoint Security are protected from BadRabbit.