The latest strain of ransomware, “Bad Rabbit”, began spreading across Russia and Ukraine yesterday, with 3 Russian websites, a Ukraine airport and underground system being hit. Since then, there have been various reports of “Bad Rabbit” infections in Turkey, Bulgaria, Japan, Germany, Poland, South Korea and the United States. The U.S. Computer Emergency Readiness Team (US-CERT), which is run by the Department of Homeland Security, issued an alert about the ransomware worm but didn’t say whether any infections had been detected in the U.S. It said it "discourages individuals and organisations from paying the ransom, as this does not guarantee that access will be restored".
How does it work?
The Bad Rabbit ransomware enters a network when a user on that network runs a phony Adobe Flash Player installer posted on a hacked website, with the initial infections coming from a Russian news website. Other reports said websites based in Ireland, Denmark and Turkey have also been compromised with the fake Flash installer and have been spreading the malware.
Once the “Bad Rabbit” ransomware has infected its first machine within a network, it uses an open-source tool to find any login credentials stored on the machine, so it can spread to other machines. There are also some conflicting reports that Bad Rabbit uses the NSA’s EternalBlue tool, used by both NotPetya and the WannaCry ransomware worm that spread in May, to spread through local networks.