A Bad Rabbit has suddenly emerged in Russia and Ukraine and is wrecking computers there with amazing impunity. The reference here is to a new malware that is targeting computers, encrypting the data in the process and is demanding a ransom of 0.05 Bitcoins to set things back to normal.
So far, business establishments seem to be the main target with an airport and an underground railway station in Ukraine already affected. Similarly, at least three media houses in Russia too are among the victims while the malware is spreading further to other European countries.
The Russia based Kaspersky anti-virus firm has stated they are keeping a close tab on the developments though an anti-dote does not seem to be available just yet. Cyber experts meanwhile have confirmed Bad Rabbit exhibits quite a few similarities with Petya and WannaCry, the other two malware that had earned notoriety earlier in the year.
Also, much like Petya, Bad Rabbit also has a similar strategy to spread to other computers – via the Windows Management Instrumentation Command-line. The above serves as an interface for device management in a network environment. This again has led Kaspersky to believe it is the same group that had developed Petya are also behind Bad Rabbit. Also, the latest attack seems to be in the works since July when Petya was let loose.
Another security firm Eset said the malware was also disguised in the form of an Adobe Flay update which tricked many into falsely believing it to be a genuine Flash update that their system would benefit from. Unfortunately, they downloaded the malware itself in the process.
So far, there is no way paralyzed computers can be restored. The affected systems are led to a page on the Tor browser displaying the message that the system has been encrypted and are left with less than 41 hours to act. Price to decrypt data and restore back normalcy is 0.05 Bitcoins (about $280) though prices would go up once the 41-hour deadline is breached.
Authorities have discouraged companies to pay the ransom but haven’t stated what other options they have.