Ransomware

Bad Rabbit

First seen: 2017 • Status: inactive

Bad Rabbit pretended to be a Flash Player update but was really ransomware that locked computers and spread through office networks.

Overview

Bad Rabbit is ransomware that spread through fake Flash Player updates on compromised websites. It primarily targeted organizations in Russia and Ukraine.

Also Known As

BadRabbit

How It Spreads

  • Fake Flash Player updates
  • Drive-by downloads
  • SMB lateral movement

What It Does

  • File encryption
  • MBR modification
  • Network propagation
  • Credential harvesting

Target Platforms

Windows

Detection Tips

  • Block fake Flash download sites
  • Monitor for lateral movement
  • Check for Mimikatz usage
  • Review scheduled tasks

MITRE ATT&CK Techniques

T1189, T1486, T1570, T1003

If You're Infected

  1. Isolate infected systems
  2. Block malicious domains
  3. Reset domain credentials
  4. Restore from backups

Related Malware

NotPetya, Petya, WannaCry
