“Bad Rabbit” ransomware starts to spread across Europe: How to stay protected from “old-school” attacks

cyber crime

This has been the year businesses have been forced to face up to the reality of widespread and devastating ransomware attacks, and recent reports suggest a new malware could be emerging right as the world continues to count the cost of the dangerous WannaCry and Petya viruses.

The Guardian reports many companies in northern Europe are currently under siege by a ransomware attack that is heavy on the pop-culture references, called “Bad Rabbit”. The ransomware hops from computer to computer by masquerading as an update for Adobe Flash.

As is the case with many ransomware attacks, once infected the computer’s files are encrypted and a ransom is demanded in order to unlock the files. In the case of Bad Rabbit, the hackers have asked for the comparatively small price of just 0.05 Bitcoin, or around $370.

Compared to the recent spate of ransomware attacks, Bad Rabbit’s efficacy and severity fall fairly low on the spectrum – with reports suggesting the attack does not wipe users’ files like the Petya attack, nor using system-level exploits in the Windows operating system like the WannaCry attack.

The malware also reportedly includes a number of pop-culture references in its code, specifically to a number of characters in the Game of Thrones series, and references to 1995 movie Hackers.

“Old school” attacks still have legs

Speaking to SmartCompany, practice manager at Melbourne-based ethical hacking company HackLabs, Michael McKinnon, says Bad Rabbit has all the indications of an “old-school attack”, specifically referring to the infection point relying on human interaction and error over standalone system exploits.

“I’m shaking my head at why people are still falling for flash-player based attacks as Flash has been phased out for a while. Adobe itself has announced Flash is obsolete,” McKinnon says.

“This is a classic social engineering attack relying on human interaction where users are tricked into installing the malware themselves.”

McKinnon also says the low dollar amount demanded by the hackers was “odd” given the price of digital currency Bitcoin recently hitting an all-time high of around $7900, believing the hackers may have been pushing a low dollar amount in the hopes more victims would be happy to pay up.

While the attack is still currently region-specific, affecting organisations such as the Kiev metro system and popular Russian news organisation Interfax, McKinnon says there’s little doubt the attack is spreading further every second.

“It’s only a matter of time until we see it in some capacity locally by the virtue of the internet’s global connectivity,” he says.

Despite the recent spotlight on similar attacks to Bad Rabbit, McKinnon says there’s always room for more education for businesses around good practice for dealing with viruses.

“A lot of the alternate stopgap measures SMEs can put in place is thinking about their cyber-resilience and making sure they have sufficient backups off-site,” he says.

“Human error is unavoidable, so safety is entirely contingent on taking whatever measures you can so if it does occur, critical business data is protected.”

Businesses with up-to-date and comprehensive virus checkers are likely to be protected also, as The Guardian reports two-thirds of updated security products correctly identify Bad Rabbit.

Never miss a story: sign up to SmartCompany’s free daily newsletter and find our best stories on TwitterFacebookLinkedIn and Instagram.


Notify of
Inline Feedbacks
View all comments
SmartCompany Plus

Sign in

To connect a sign in method the email must match the one on your SmartCompany Plus account.
Or use your email
Forgot your password?

Want some assistance?

Contact us on: support@smartcompany.com.au or call the hotline: +61 (03) 8623 9900.