The malware dubbed Bad Rabbit has so far affected three Russian websites, according to cyber threat intelligence firm Group-IB.

Ransomware is wreaking havoc through Russia, Ukraine and potentially further afield, in a breakout similar to WannaCry and NotPetya.

The ransomware appears to be a variant of the Petya ransomware

While Reuters reported that an underground railway in the Ukraine capital Kiev and an airport in the nation have also been affected by the Bad Rabbit ransomware.

Infected machines display a red-on-black message that requests victims login to a website hidden on the Tor network and make a payment of 0.05 Bitcoins, which is currently around £214. Victims have to pay up within around 40 hours if they want to have their files decrypted or the price goes up.

Read More : Ransomware Cyber Attack hits 74 countries

At the time of writing, there is no indication of who is behind the attacks and the number of organisations and people affected by it.

Bad RabbitBad Rabbit ransomware

Cyber security firm ESET noted that the malware that affected the Kiev station is a variant of the infamous Petya ransomware, which NotPetya – also known as ExPetya –  was also derived from.

ESET’s research and that of cyber security firm Kaspersky also uncovered that the malware has been spread through a fake Adobe Flash Player Installer hidden on booby-trapped legitimate websites.

The problems with Bad Rabbit is that is was not detected by a lost of anti-virus and security software as malicious.

And according to Christiaan Beek, lead scientist at McAfee, noted Bad Rabbit encrypts a variety of common files, such as .doc and .jpg files.


So far the Bad Rabbit campaign does not appear to be as widespread as the WannaCry and NotPetya campaigns.

“According to our data, most of the victims targeted by these attacks are located in Russia. We have also seen similar but fewer attacks in Ukraine, Turkey and Germany,” said Vyacheslav Zakorzhevsky, head of the anti-malware research team at Kaspersky Lab.

This ransomware infects devices through a number of hacked Russian media websites. Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the ExPetr attack. However we cannot confirm it is related to ExPetr. We continue our investigation.”

With this in mind it would appear there is more research needed before the extend of the Bad Rabbit spread, its source and its targets can be identified with some certainty.

More news you might be interested in

Pakistani Official websites hacked on Independence... Indian hackers targets Pakistani Official websites on 14th August Pakistan's Independence day ahead of Indian Independence day on 15th August. Stil...
Ransomware Cyber Attack hits 74 countries LONDON - As many as 74 countries have been hit by a huge, fast-moving and global ransomware attack that locks computers and demands the digital equiva...
WannaCry ‘Kill Switch’ Creator Arreste... WannaCry 'Kill Switch' Creator Arrested in Vegas -The security researcher credited with stopping the spread of a massive cyberattack earlier this year...
Microsoft Word Affected By Zero-Day Attack Hackers are exploiting a previously undisclosed vulnerability in Microsoft Word, which security researchers say can be used to quietly install differe...
WhatsApp soon get Facebook-like coloured text Stat... WhatsApp is testing the same colourful text statuses for its Status tab that Facebook rolled out last year. According to a report in Android Police, t...


Please enter your comment!
Please enter your name here