Bad Rabbit Ransomware – What is it?


Context:

A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it.

What is BadRabbit and how does it work?

  • A new ransomware campaign, dubbed Bad Rabbit, has hit a number of high-profile targets in Russia and Eastern Europe.
  • BadRabbit spreads via fake Adobe Flash updates, tricking users into running the malware by falsely alerting them that their Flash player requires an update.
  • BadRabbit incorporates Mimikatz (an open source tool that has been used in previous attacks) to extract credentials, and also uses common hard-coded credentials such as Admin, Guest, User, root, etc. There is also evidence that BadRabbit ransomware is using a legitimate tool, DiskCryptor, to encrypt the victim’s data.
  • Once the victim’s PC is infected and their data encrypted, BadRabbit reboots the system.