Ransom malware, or ransomware, is malicious software that prevents users from accessing their system, personal files, and other data—typically through encryption—while demanding a ransom payment to reinstate access. Alternatively, ransomware campaigns may threaten to publish personal or sensitive materials if a ransom is not paid.
Like rabbits, ransomware seems to multiply at a prodigious rate. The newest strain causing widespread damage, dubbed Bad Rabbit due to the Tor hidden service it directs victims to visit, appears to be based on the Petya ransomware and its variants, according to Cisco Talos. The campaign seems to have largely targeted Russia and Eastern Europe.
Petya is a ransomware campaign that has been updated to take advantage of an exploit named EternalBlue (the name given to it by the NSA as part of its toolset). This exploit takes advantage of a vulnerability in the Server Message Block (SMB) protocol.
Earlier this month, WannaCry was named the world’s biggest cyberattack; it hit over 150 countries and infected over 300,000 machines across hospitals, universities, manufacturers, government agencies and other important centers.