Sponsored by Keepnet Labs

BadRabbit Execution Flow

What is Bad Rabbit?

Bad Rabbit is a previously unknown ransomware family.

How is Bad Rabbit distributed?

The ransomware dropper was distributed with the help of drive-by attacks. While the target is visiting a legitimate website, a malware dropper is being downloaded from the threat actor’s infrastructure. No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. However, our analysis confirmed that Bad Rabbit uses the EternalRomance exploit as an infection vector to spread within corporate networks. The same exploit was used in the ExPetr.

We’ve detected a number of compromised websites, all of which were news or media websites.

No photo description available.

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *