Cybersecurity Alert: New Ransomware Variant "Bad Rabbit" Hits Russia, Ukraine, and Others

October 25, 2017

Threat Summary

A new strain of ransomware, nicknamed "Bad Rabbit," has been detected in several countries, including Russia, Ukraine, Turkey, Germany, and others. Russia has seen the most attacks so far. The Bad Rabbit outbreak is similar to the WannaCry and Petya ransomware attacks from earlier this year. The security firm ESET said it has seen Bad Rabbit distributed as a fake Adobe Flash update. Another researcher said Bad Rabbit creates two Windows scheduled tasks named Drogon and Rhaegal, after two of the dragons from Game of Thrones.

For more information on Bad Rabbit, see the United States Computer Emergency Readiness Team's (US-CERT) alert.
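
The two scheduled task names reported above can be checked for on a Windows host. The following PowerShell is an added example, not part of the original alert; the function name Find-SuspectScheduledTask is hypothetical, and the only indicators it uses are the task names given in this alert.

```powershell
# Added example: look for the scheduled task names reported for Bad Rabbit.
# Requires the ScheduledTasks module (Windows 8 / Server 2012 or later).
function Find-SuspectScheduledTask {
    [CmdletBinding()]
    param(
        # Task names taken from the alert text; -contains is case-insensitive.
        [string[]]$TaskName = @('Drogon', 'Rhaegal')
    )

    $hits = Get-ScheduledTask -ErrorAction Stop |
        Where-Object { $TaskName -contains $_.TaskName }

    foreach ($task in $hits) {
        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        # A task may carry several actions; only exec actions have a command line.
        $commands = foreach ($a in $task.Actions) {
            if ($a.Execute) { ('{0} {1}' -f $a.Execute, $a.Arguments).Trim() }
        }
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            TaskPath    = $task.TaskPath
            TaskName    = $task.TaskName
            State       = $task.State
            RunAs       = $task.Principal.UserId
            Commands    = $commands -join ' ; '
            LastRunTime = $info.LastRunTime
            NextRunTime = $info.NextRunTime
        }
    }
}

$found = @(Find-SuspectScheduledTask)
if ($found.Count -eq 0) {
    Write-Output 'No scheduled task named Drogon or Rhaegal was found.'
} else {
    # A name match is a lead for triage, not proof of infection: review the
    # recorded command line and run-as account before acting on the host.
    $found | Format-List
}
```

Run it from an elevated prompt so that tasks registered under other accounts are visible.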

ACA Aponix Guidance

ACA Aponix recommends taking the following precautionary measures to prevent Bad Rabbit or other ransomware infections:

  • Do not click on or install software without appropriate vetting – Bad Rabbit infections occur via the installation of a fake Adobe Flash installer.
  • Remove Flash from systems if possible.
  • Do not use a privileged account (e.g., Administrator) for day-to-day operations.
  • Ensure you have a sound data backup and recovery plan; you may need to use it for infected systems.
  • It is uncertain if you’ll receive a decryption key if the ransom is paid; pay only as the very last resort if data is otherwise unrecoverable and necessary.
  • Ensure your anti-malware software is updated frequently – anti-malware software providers are already working on fixes if they don’t defend against Bad Rabbit already.

If you have any questions, please contact your ACA Aponix consultant or email us at