A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it.
What is BadRabbit and how does it work?
- A new ransomware campaign, dubbed Bad Rabbit, has hit a number of high profile targets in Russia and Eastern Europe.
- BadRabbit spreads via fake Adobe Flash updates, tricking users into clicking the malware by falsely alerting the user that their Flash player requires an update.
- BadRabbit incorporates the use of Mimikatz to extract credentials (an open source tool that has been used in previous attacks) to extract common hard-coded credentials such as Admin, Guest, User, root, etc. There is also evidence that BadRabbit ransomware is using a legitimate tool — DiskCryptor — to encrypt the victim’s data.
- Once the victim’s PC is infected and their data encrypted, BadRabbit reboots the system.