It might not be seasonally appropriate — aren’t bunnies the mascots of spring? — but a new malware named Bad Rabbit has exploded across Russia and Eastern European countries. Following in the footsteps of WannaCry and NotPetya, Bad Rabbit is a particularly nasty ransomware which encrypts a user’s files and threatens to keep them hidden until users pay the requested price. With the holidays fast approaching, individuals and businesses hardly want to succumb to this malicious digital rodent. Read on to learn as much as you can about the wayward bunny that endangers your most precious files.
Bad Rabbit ransomware spreads through a series of “drive-by attacks”: attackers compromise insecure websites, which then download the malware onto unsuspecting web users’ machines. Though it might look like your browser is installing an Adobe Flash Player update, once you open the file, you’ll find your computer locking down tight. Then, a ransom note will appear:
“If you access this page your computer has been encrypted. Enter the appeared personal key in the field below. If succeed [sic] you’ll be provided with a bitcoin account to transfer payment. The current price is on the right. Once we receive your payment you’ll get a password to decrypt your data. To verify your payment and check the given passwords enter your assigned bitcoin address or your personal key.”
Next to this message, there is a timer steadily counting down and a price. If victims act fast, they can retrieve their data for the low price of .05 bitcoin — which amounts to about $346.50 at the time of writing. If no payment is received in 40 hours, the price goes up.
Where Bad Rabbit Came From
Bad Rabbit made a cataclysmic entrance in Eastern Europe in the last week of October when in a period of 24 hours it incapacitated three major Russian news and media websites, the underground railway in Kiev, Ukraine, and the Odessa airport. In the days following, the ransomware has gone on to attack more than 200 targets, most of which are in Russia, Ukraine, Turkey, and Germany. As yet, security experts have been unable to trace Bad Rabbit to a country or group of hackers, but a number of similarities with previous malware are providing authorities with valuable clues to its origins.
During the summer, another ransomware attack called NotPetya — named such because it masquerades as an earlier ransomware called Petya — exploded across the same region as Bad Rabbit. It utilized a number of exploits discovered by the NSA to gain administrative access over systems and networks, forcing users to pay ransoms or lose functionality for good. Fortunately, Bad Rabbit seems to be using the same methods as NotPetya; unfortunately, experts still don’t know who, exactly, is behind them. Until security professionals identify these cybercriminals and apprehend them, it’s likely their destructive attacks will continue.
It seems obvious that this ransomware won’t hop off with just a carrot. Because it uses DiskCryptor software to encrypt hard drives and specifically hides and encrypts common file types like .doc, .docx, and .jpeg, Bad Rabbit isn’t easy to remove from machines without paying the ransom. Still, authorities warn those afflicted by any ransomware to avoid succumbing to temptation and paying the ransom; it only encourages cybercriminals to persist in this behavior, and there is no guarantee you will get your files back. Instead, you should disconnect your device from any networks, use anti-malware tools to purge your system, recover what files you can, and file a police report.
The best way to survive a Bad Rabbit attack is to prepare ahead of time. You should equip your machine with maximum internet security tools, which will direct you away from potentially dangerous websites and scan downloads for malware before you open them. Additionally, you should back up your device often, so you can restore your files completely without much effort. Finally, you should stay alert for signs of corruption on your network and webpages and practice safe computer habits, including using strong passwords and avoiding public connections.
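As an added example (not part of the original article): the fake Flash Player update described above leaves a trace in web proxy logs, so a defender can flag completed downloads of Flash-named executables served by hosts that are not Adobe's. The log format, the trusted-domain and extension lists, and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumptions (not from the article): trusted vendor domains, risky extensions,
# and a whitespace-separated log format: timestamp client method url status bytes.
TRUSTED_SUFFIXES = ("adobe.com", "macromedia.com")
EXECUTABLE_EXT = (".exe", ".msi", ".scr", ".hta", ".js")
# File name that presents itself as a Flash Player installer or update.
LURE = re.compile(r"flash[\W_]*player|adobe[\W_]*flash|flash[\W_]*(update|install|setup)", re.I)

# Constructed sample log lines; hosts use reserved example domains.
SAMPLE_LOG = """\
2024-01-15T10:01:12Z 10.0.0.21 GET http://news.example/article.html 200 48213
2024-01-15T10:01:15Z 10.0.0.21 GET http://cdn.example.net/dl/FlashPlayer_Update.exe 200 441899
2024-01-15T10:07:40Z 10.0.0.30 GET https://get.adobe.com/dl/flashplayer_installer.exe 200 1204332
2024-01-15T10:09:02Z 10.0.0.34 GET http://adobe.com.updates.example/adobe_flash_setup.exe 200 432110
2024-01-15T10:11:30Z 10.0.0.40 GET http://files.example.org/Flash%20Player%20Update.exe 403 0
2024-01-15T10:12:05Z 10.0.0.41 GET http://tools.example.com/pdf_viewer_setup.exe 200 1100000
truncated line without enough fields
""".splitlines()


def host_is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def find_fake_flash_downloads(lines):
    """Return (timestamp, client, host, file name) for completed lure downloads."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6 or parts[4] != "200":
            continue  # malformed line, or the request was blocked or failed
        ts, client, _method, url = parts[:4]
        target = urlsplit(url)
        host = target.hostname or ""
        name = unquote(target.path).rsplit("/", 1)[-1].lower()
        if not name.endswith(EXECUTABLE_EXT) or not LURE.search(name):
            continue  # not an executable, or not posing as a Flash update
        if host_is_trusted(host):
            continue  # genuine vendor download
        hits.append((ts, client, host, name))
    return hits


if __name__ == "__main__":
    for hit in find_fake_flash_downloads(SAMPLE_LOG):
        print("suspicious fake-update download:", *hit)
```

Each hit names the client machine that fetched the file, which is the device to disconnect and check first.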
Why Ransomware Will Only Get Worse
As yet, Bad Rabbit seems like a less effective strain of ransomware, especially compared to WannaCry, which debilitated the entire National Health Service of the U.K. However, ransomware is steadily becoming more insidious, creeping onto more machines and performing more sinister acts. Security professionals predict that forthcoming ransomware strains will find incriminating files on users’ computers and attempt blackmail as well as file theft. Worse, the ransom will likely become a diversion to keep users busy while criminals gain other valuables, such as social security numbers and addresses. If you get in the habit of staying safe from small-time ransomware like Bad Rabbit, you will likely be safe from these larger, looming threats.