Bad Rabbit – New Ransomware

Russia and Eastern Europe have been hit by a new ransomware campaign, which looks to be spreading into South Korea and the USA.

"It has been confirmed that this attack infected several news media agencies in Russia, including knocking the Russian news agency Interfax offline. In addition, a number of public transportation organizations, including the Odessa International Airport and the Kiev Metro in the Ukraine, have also been affected. There is currently no clear indication as to who is responsible for this attack.

The initial threat vector is through users installing malicious copies of Flash Player obtained through infected websites or watering hole attacks. Users are tricked into opening up an .exe file and then launching the ransomware application. The malware then attempts to steal Windows cached user credentials (username and passwords) and encrypt user files. Unlike other known ransomware, this malware does not rename or change the filename of the files it encrypts." - Fortinet Blog.

 

Fortinet's AV/Malware engine is detecting all versions of the known malware. Additionally, Fortinet's Web Filtering and DNS engines are blocking known C&C servers.

Is your AV software protecting you?