What Is Bad Rabbit? Ransomware Paralyzes Train Stations, Airports and Media in Russia and Europe

bad rabbit malware badrabbit ransomware
The Bad Rabbit ransomware spreads between computers and networks in a "worm-like fashion." Chaloner Woods/Getty Images

An advanced cyberattack has hit media outlets and infrastructure in Russia, Ukraine and Eastern Europe, causing mass disruption

Cybersecurity researchers from Kaspersky described the malware, dubbed Bad Rabbit, in a blogpost on Tuesday, October 24. They explained how the previously unknown malware takes control of computer systems and encrypts data so that people can't access it.

A ransom is then demanded in order to unlock the computers.

Security researchers are comparing the Bad Rabbit ransomware to WannaCry, which disabled 300,000 computers earlier this year.

"Currently, it's unclear as to whether or Bad Rabbit will be able to reap the same damage as WannaCry, but undoubtedly businesses will be holding their breath," Jamie Graves, CEO of security firm ZoneFox, said in an email to Newsweek. "This highlights the need for a robust security posture, based on both technology and education."

Read more: Pornhub hijacked by hackers in massive malware campaign

Victims of the Bad Rabbit ransomware include the Kiev Metro and Odessa International Airport in Ukraine, as well as Russian news agency Interfax and other media organisations.

Bad Rabbit Ransomware: How does it work?

Bad Rabbit works by holding the infected computers and networks to ransom before spreading in a "worm-like fashion" to other computers.

The Kaspersky researchers describe the method of initial distribution as "drive-by attacks" that make use of a fake Adobe Flash installer that requires victims to click on it to execute the ransomware.

bad rabbit ransomware message
The Bad Rabbit ransomware message. Screengrab/ Kaspersky

Once infected, a ransom message appears on the device that states: "Oops! Your files have been encrypted. You might have been looking for a way to recover your files. Don't waste your time. No one will be able to recover them without our decryption service."

A link to a website hosted on the dark web is provided in order to make payment for a decryption password that the attackers claim will unlock the data.

"We've detected a number of compromised websites, all of which were news or media websites," the researchers said in their blogpost.

The researchers also noted that the cybercriminals behind Bad Rabbit appear to be fans of the popular book and TV series Game of Thrones. Code used in the malware contains the names of different characters from the series.

Bad Rabbit Ransomware: How do I protect myself?

Advice from security professionals is to keep computers updated with the latest security software and avoid suspicious links. If your computer is already infected, the advice is to not pay the ransom.

"Best practice advice is not to pay the ransom and ensure that data is backed up so systems can be recovered if impacted," says Andrew Clarke, a director at cybersecurity firm One Identity.

"Also [my advice is] to ensure systems are patched and up to date, as well as control administrative access across a network."

Editor's pick

Newsweek cover
  • Newsweek magazine delivered to your door
  • Unlimited access to Newsweek.com
  • Ad free Newsweek.com experience
  • iOS and Android app access
  • All newsletters + podcasts
Newsweek cover
  • Unlimited access to Newsweek.com
  • Ad free Newsweek.com experience
  • iOS and Android app access
  • All newsletters + podcasts