Bad Rabbit Ransomware Spreading Like Wildfire Using Leaked NSA Exploit


A new ransomware, dubbed Bad Rabbit, which affected computers at over 200 major organizations, primarily in Russia, Ukraine, Germany, and Turkey, has spread across Europe using a leaked NSA exploit exposed by the Shadow Brokers.

Researchers from Kaspersky Lab compared the ransomware to Petya and WannaCry, which caused a lot of damage in the beginning of 2017. Kaspersky Lab also added that the virus is infecting users’ computers via hacked websites of different Russian-based media outlets.

“…Our analysis confirmed that Bad Rabbit uses the EternalRomance exploit as an infection vector to spread within corporate networks. The same exploit was used in the ExPetr.

“Our observations suggest that this has been a targeted attack against corporate networks, using methods similar to those used during the ExPetr attack. What’s more, the code analysis showed a notable similarity between the code of ExPetr and Bad Rabbit binaries.”

The hackers who developed Bad Rabbit are encrypting systems and demanding 0.05 Bitcoin, which is USD 285.14 or GBP 217.18 (as of 28/10/2017). They are threatening victims that the price will rise if they don’t pay within 48 hours.

How to Protect Yourself from Bad Rabbit?

In order to protect yourself from Bad Rabbit, you are advised to disable the WMI service to prevent the malware from spreading over your network.
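
One way to apply the WMI advice above on a Windows host, as an added example that is not part of the original article. The function name Disable-WmiService is hypothetical; Winmgmt is the service name of Windows Management Instrumentation, and the StartType property assumes PowerShell 5 or later.

```powershell
# Added example: stop and disable the Windows Management Instrumentation service.
# Disable-WmiService is a hypothetical helper name, not a built-in cmdlet.
function Disable-WmiService {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$ServiceName = 'Winmgmt'   # service name of WMI
    )

    $svc = Get-Service -Name $ServiceName -ErrorAction Stop

    # Services that depend on WMI are stopped along with it, so list the running ones first.
    $dependents = $svc.DependentServices | Where-Object { $_.Status -eq 'Running' }
    foreach ($d in $dependents) {
        Write-Warning "Dependent service will also stop: $($d.Name) ($($d.DisplayName))"
    }

    if ($PSCmdlet.ShouldProcess($ServiceName, 'Stop and disable service')) {
        if ($svc.Status -ne 'Stopped') {
            # -Force is required when the service has running dependents.
            Stop-Service -Name $ServiceName -Force -ErrorAction Stop
        }
        # A Disabled start type keeps the service from starting again after a reboot.
        Set-Service -Name $ServiceName -StartupType Disabled -ErrorAction Stop
    }

    # Return the resulting state so the caller can log or check it.
    $after = Get-Service -Name $ServiceName
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Service   = $after.Name
        Status    = $after.Status
        StartType = $after.StartType
    }
}

# Dry run first: reports dependents and current state without changing the service.
Disable-WmiService -WhatIf
```

Run it from an elevated prompt and drop `-WhatIf` to apply the change. Management and monitoring tools that rely on WMI stop working while the service is disabled.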

Kaspersky recommends that you start backing up your data and do not pay the ransom. In case you get affected, you can simply wipe your hard drives and install a fresh operating system.

