You might have heard of ransomware viruses: some were weak, barely reaching users’ email accounts, and others hit the world with a loud “boom!”. The more frightening infections went by the names NotPetya and WannaCry: infections that managed to slither into computers all over the world.
However, there are tons of less successful crypto-malware variants. Most of them are based on the Hidden Tear open source project or contain serious bugs that prevent them from fully encrypting data. This time we will discuss one of the exceptions: a ransomware infection that managed to do it all and bring fear into cyberspace once again.
Even though the Bad Rabbit ransomware virus has a silly name, it should not be underestimated. Over the course of a few days, it has become the focus of many social media sites and cybersecurity portals. It attracted so much attention because it managed to infect utilities such as airports, as well as other business enterprises.
The Bad Rabbit virus displays the exact same screen locker that NotPetya did. However, these viruses are not as comparable as they seem at first glance. Bad Rabbit initiates redirection and uses the AES algorithm. Furthermore, it encrypts the decryption key with the RSA-2048 cipher.
One of the most disturbing facts about this ransomware is its distribution method. Even though random Adobe Flash Player updates have been considered unreliable for a very long time now, some users still fail to recognize the threat. Hackers simply compromised some websites and made sure that those domains would automatically present prompts for a Flash update. As you can see, many people swallowed the bait and became infected.
Currently, it is difficult to say whether decryption of files hit by this Bad Rabbit infection will ever be possible. It could have damaged files beyond restoration. Nevertheless, it is important not to lose hope and to believe in security researchers. Do not do anything rash while researchers are investigating the newly detected infection. Paying the ransom of 0.05 BTC might not solve your problems, as the authors can disappear after the ransoms are paid. Do not waste 275 dollars on an option that might not even help you.