On Tuesday, October 24, 2017, a new ransomware strain was detected spreading throughout Russia, Ukraine and Eastern Europe. The codename “Bad Rabbit” was confirmed to be attributed to the ransomware by Ukrainian authorities.
The attack is presented in the form of a fraudulent Adobe® Flash Player update, prompting the user to install an update. Once the system is compromised, the malware encrypts the system's files and demands a Bitcoin ransom to unlock them. The attack was initially pushed by compromising various media and news websites, as well as Russian financial institutions, according to the Russian Central Bank.
Forcepoint issued a study and statement on the Bad Rabbit cyberattacks one day after the attack, detailing the nature and infection process of the malware.
Upon receiving multiple reports of Bad Rabbit ransomware infections in several countries, US officials and the US computer readiness team discouraged “individuals and organisations from paying the ransom, as this does not guarantee that access will be restored”.
The full report and disclosure of the attack by US-CERT can be found here.