A new cyber attack is impacting computer systems across Europe, with a ransomware strain known as “Bad Rabbit” causing disruption in Russia, Ukraine, Turkey, and Germany. Kaspersky Lab, which is actively monitoring the malware, has drawn comparisons to the WannaCry and Petya attacks that wreaked havoc earlier in the year.
Most of the victims appear to be in Russia, and it’s suspected that the ransomware infiltrated devices through compromised websites of Russian media organizations, including Interfax and Fontanka. This is a targeted attack against corporate networks, resembling the ExPetr attack, although confirmation of a direct link to ExPetr is still pending.
The cybercriminals responsible for Bad Rabbit are locking down computers and demanding a ransom of 0.05 Bitcoin (£220) from victims in exchange for device restoration. However, security experts strongly advise against paying the ransom, as it can encourage further attacks, and there’s no assurance that the attackers will actually remove the malware from the affected device.
If a person clicks on the malicious installer, Bad Rabbit ransomware encrypts files and presents users with an austere black-and-red message. It reads in part: “If you see this text, your files are no longer accessible. You might have been looking for a way to recover your files. Don’t waste your time.”
The text demands around $280 in Bitcoin and gives a 40-hour deadline for payments to be made. Victims reported that making the payment did unlock their files, though this isn’t always the case in other ransomware attacks.
The ransom fee is expected to increase in the near future. It’s essential to remember that in May, the “WannaCry” ransomware attack caused widespread disruptions worldwide by shutting down critical computer systems in hospitals, factories, and businesses.
Preventing ransomware attacks like Bad Rabbit is critical to safeguard computer systems. Regularly updating and patching software can help close vulnerabilities that ransomware exploits. Implementing robust email security measures can reduce the risk of phishing emails that often deliver ransomware.
Backing up data regularly, both onsite and offsite, ensures that data can be restored without paying a ransom. Organizations should also deploy strong endpoint protection solutions and network monitoring to detect and mitigate threats in real time. Lastly, never pay the ransom, as it only fuels further attacks and does not guarantee the removal of the malware.