What is BadRabbit Ransomware?
This new ransomware seems to be a variation of Petya with a similar lockout screen. As of October 24, 2017, BadRabbit has hit Russia and Eastern Europe, but is expected to spread to other countries. The attackers are asking the victim to pay a ransom in bitcoins to recover their files. It will send the victim a message stating “their files are no longer accessible” and “no one will be able to recover them without our decryption service.”
BadRabbit Screen Lock
Image: Malwarebytes
Sample BadRabbit Payment Page
Image: Malwarebytes
The victim needs to be on an infected website, while on that website they are prompted to perform and Adobe® Flash Player update.
Sample asking to install Adobe® Flash Update
Image: Malwarebytes
Protect yourself against BadRabbit by making sure your network and any device connected to the network are up to date. Companies that have Malwarebytes for Windows, Malwarebytes Endpoint Protection, and Malwarebytes Endpoint Security are protected from BadRabbit.