Bad Rabbit Ransomware Exploits Flash Users

A new strain of Ransomware has been discovered this week masquerading as an Adobe Flash update.

An article by WIRED states “The new strain of ransomware, dubbed Bad Rabbit, was first spotted on October 24. To date, the systems attacked have mostly been confined to Russia and Ukraine. The ransomware is the third major spread of malware this year: it follows the wider-reaching WannaCry and NotPetya strains of malicious code.”

The attacks so far have been identified in Russia, Ukraine, Turkey and Germany but none as of yet in the UK.

In the instances so far the malware has been disguised as an Adobe Flash installer but once opened it starts locking the infected device.  The malicious download has been installed on websites which use Javascript by injecting itself into HTML or Java files.  The ransomware is not automatically installed so a user must click on it for it to work.

Once a user has clicked on the installer their device will be locked and the user receives a ransom note demanding, on these occasions, around £220 in Bitcoins.

Bad Rabbit has not spread widely yet but the UK National Cyber Security Centre is aware of the threat and are monitoring the situation.

We are sending this as an advisory notice and urge all of our customers to make sure your staff are aware of the threat and do not manually install Adobe Flash updates.