Like rabbits, ransomware seems to multiply at a prodigious rate. The newest strain causing widespread damage, dubbed Bad Rabbit because of the Tor hidden service it directs victims to visit, appears to be based on the Petya ransomware and its variants, according to Cisco Talos. The campaign seems to have largely targeted Russia and Eastern Europe.
Petya is a ransomware campaign that has been updated to take advantage of an exploit named EternalBlue (so named by the NSA as part of its toolset). This exploit targets a vulnerability in the Server Message Block (SMB) protocol.