Badrabbit: ransomware attack spreads across europe

Throughout 2017 we have experienced two major ransomware attacks worldwide. The most serious and intense was WannaCry, but we also had NotPetya. Now, a new ransomware attack is spreading quite rapidly in Eastern Europe. This is BadRabbit, which is already wreaking havoc in Russia and Ukraine.

BadRabbit: Ransomware attack spreads across Europe

Companies and public bodies are falling victim to this ransomware attack. The Kiev metro, Odessa airport, which was also a victim of WannaCry or Russian media. It turns out to all that they have been victims of BadRabbit and that they have to pay an amount in Bitcoins to unlock their computers and recover the files.

BadRabbit also extends through the browser

There are several companies investigating the situation and claim that it is connected with NotPetya. Mainly because it is attacking the same pages as the previous ransomware. At the moment the origin is unknown, although seeing the countries it is attacking, both Russia and Ukraine are the possible origin of this attack. The expansion method is through the Windows Management Instrumentation Command-line (WMIC).

They are also using Mimikatz, a tool to obtain passwords for affected computers. One of the methods to be infected is to download and execute a file from the browser, through a Javascript injection on the web or a separate.js file. Affected users are asked to pay 0.05 Bitcoins (238 euros).

BadRabbit appears to be targeting attacks in Eastern European countries. No cases have been reported in more countries, but we will have to be vigilant in their progress. BadRabbit is one more attack of this type, which seems to have become commonplace. If any of you were infected, it is recommended not to pay the ransom at any time.