After WannaCry and Petya, another ransomware has started spreading through Russia, Ukraine and other Eastern European countries. The new ransomware, named BadRabbit, is targeting corporate networks and computer systems used by leading business organisations, as WannaCry and Petya did before it.
According to Wired, BadRabbit has already affected Kiev's subway system, Odessa International Airport in Ukraine and computers used by several Russian media companies. The ransomware is tied to NotPetya's authors, and security firms including ESET and Kaspersky are currently tracking its reach. BadRabbit also spreads via Windows Management Instrumentation Command-Line, using credentials obtained with an open-source tool like Mimikatz.
Kaspersky says that it has found 30 hacked sites responsible for distribution of BadRabbit malware. "This indicates that the actors behind ExPetr/NotPetya have been carefully planning the BadRabbit attack since July," Kaspersky told Wired in a note.
Once a machine is infected, the attackers display a ransom message and affected users are redirected to a page on the Tor browser. The creators of BadRabbit are demanding 0.05 Bitcoins (about $275) within around 41 hours in exchange for decrypting the data and restoring access to the machine. The ransom increases once that time expires.
Like Petya, BadRabbit is also infecting several government agencies and businesses, mostly in Ukraine and Russia. ESET estimates that only 12.2 percent of BadRabbit's victims are in Ukraine, while 65 percent are in Russia. There is no clarity on who is behind the spread of this new ransomware, but it definitely traces its roots back to Petya.