- There’s a nasty new strain of ransomware spreading in Europe called “Bad Rabbit.” It encrypts victims’ files and demands hundreds of dollars to release them. It spreads by pretending to be a Flash update, and is full of hidden “Game of Thrones” references.
If you get a prompt to update Adobe Flash while browsing online any time soon – be careful.
A new strain of ransomware dubbed “Bad Rabbit” is spreading in Europe, tricking victims into installing it by pretending to be a software update.
According to researchers from security firm Kaspersky, the majority of targets thus far have been in Russia, but it has also infected people in Germany, Ukraine, and Turkey.
ESET, another security company, has also spotted it in Bulgaria, Japan, and elsewhere.
For the unfamiliar, ransomware is a type of malware that encrypts a victim’s data and refuses to release it unless they pay a ransom, typically in the digital currency bitcoin.
Bad Rabbit asks for a 0.05 bitcoin bounty – around $280, or £213.
Here’s the message that infected victims are seeing:
And this is the website they’re directed to in order to pay to get their files back:
Per Kaspersky, multiple media outlets have been hit by the attack, including Interfax news agency and Fontanka.ru, and their websites are being used to spread the malware. ESET adds that a Ukrainian airport and the Kiev Metro have also been affected.
The security firms say the malware is similar to Petya, which hit dozens of countries earlier in 2017.
It’s not yet clear who’s behind Bad Rabbit – but they seem to be a fan of “Game of Thrones.” It contains references to the hit HBO fantasy show, including “Drogon” and “Rhaegal” (two of Daenerys Targaryen’s dragons) and “GrayWorm” (the dragon queen’s commander).
BadRabbit creates two scheduled tasks, named after the dragons from Game of Thrones. Also a reference to GrayWorm, the skin disease in GoT. pic.twitter.com/BfQxGrMwC0
— Beaumont Porg, Esq. (@GossiTheDog) October 24, 2017
Kaspersky recommends that people not pay the ransom and that they back up their data, so that if they are infected (by this or anything else), they can simply wipe and restore.