A new form of ransomware, similar to the wave of Petya ransomware, has struck organisations in Russia and Ukraine. The so-called "Bad Rabbit" ransomware has temporarily shut down the subway network of Kiev and several Ukrainian ministries.

The ransomware appears to have been aimed at company networks, according to Alex Perekalin of the security company Kaspersky.

Flash Player

According to several sources, the attacks originated from a network of Russian media websites. The cyber criminals placed a fake Flash Player update on these websites, which activated the ransomware when a visitor downloaded it. The ransomware then starts to crawl the network and uses a list of commonly used passwords to find ways in.

As with Petya, the hard drive of an infected PC is encrypted and files are overwritten. By paying 240 euros, the victim can supposedly recover the files, although it is not yet known whether paying will actually return them.

Victimized organisations should block the c:\windows\infpub.dat and c:\Windows\cscc files and turn off the Windows WMI service, so that the ransomware can't spread any further in the system.
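The mitigation above, as an added PowerShell example that is not part of the original article: it reports whether the two named files exist and what state the WMI service is in, and only changes anything when run with `-Apply` from an elevated prompt. Assumptions: the wildcard on `cscc` (the article gives no extension), reading "block" as pre-creating an empty file with no permissions, and `Winmgmt` as the WMI service name.

```powershell
param([switch]$Apply)   # without -Apply the script only reports

# Paths as named in the article. The article gives no extension for "cscc",
# so a wildcard is used to report matches (an assumption of this example).
$infpub      = 'C:\Windows\infpub.dat'
$csccPattern = 'C:\Windows\cscc*'

# 1. Report existing matches. On a host that has not been blocked yet,
#    a hit is a reason to isolate the machine and investigate.
foreach ($p in @($infpub, $csccPattern)) {
    $hits = @(Get-Item -Path $p -Force -ErrorAction SilentlyContinue)
    if ($hits.Count -eq 0) { Write-Output "absent  $p" }
    foreach ($f in $hits) {
        Write-Output ("PRESENT {0}  {1} bytes  modified {2:u}" -f `
            $f.FullName, $f.Length, $f.LastWriteTime)
    }
}

# 2. One reading of "block" (assumption): pre-create an empty placeholder
#    and strip every permission from it so nothing can write or load it.
if ($Apply -and -not (Test-Path -LiteralPath $infpub)) {
    New-Item -Path $infpub -ItemType File | Out-Null
    # A new file carries only inherited ACEs; /inheritance:r removes them,
    # leaving an empty ACL. The owner can still restore access later.
    icacls.exe $infpub /inheritance:r | Out-Null
    Write-Output "blocked $infpub (empty placeholder, no permissions)"
}

# 3. WMI service. Disabling it also breaks management and monitoring
#    tools that rely on WMI, so record the previous state first.
$wmi = Get-Service -Name Winmgmt
Write-Output "Winmgmt status=$($wmi.Status) startup=$($wmi.StartType)"
if ($Apply) {
    Stop-Service -Name Winmgmt -Force          # -Force stops dependent services too
    Set-Service  -Name Winmgmt -StartupType Disabled
    Write-Output "Winmgmt stopped and disabled"
}
```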

Victims and Attackers

Besides Ukraine and Russia, organisations in Turkey and Bulgaria were also hit by the Bad Rabbit attacks. The infections happened at the same time as the attacks in Ukraine and Russia. It is likely that the attacks were carried out by the cyber criminals who spread the Petya ransomware.