One of the ways the new ransomware spreads is via a fake Flash update: the victim visits a compromised site that shows a pop-up claiming Flash Player needs to be updated, and is tricked into downloading and running the malware themselves.
Kaspersky Lab, meanwhile, said in a preliminary post on the malware that early indicators show the attacks targeting corporate networks, mostly in the Russian Federation but also in Ukraine, Turkey and Germany, and that it uses an infection vector similar to that of NotPetya (which Kaspersky calls ExPetr), but that it could not yet confirm whether the two are related.
The sites seen redirecting visitors to Bad Rabbit were a mix of sites based in Russia, Bulgaria and Turkey.
This has been a bad year for wide-scale ransomware attacks, in which malware encrypts the files on a user's computer and demands payment to unlock the machine.
Meanwhile, the metro system in Kiev reported a hack on its payment system but said trains were running normally. Experts and government agencies advise victims not to pay up, warning that there's no guarantee they will get their files back.
Kaspersky and the Slovak IT security company ESET have both mentioned links to NotPetya but could not confirm whether the two strains are related.
According to Kaspersky's findings, the attack does not use exploits; it is a drive-by download that relies on the victim manually running the fake installer.
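Because the infection described above (and in the opening paragraph) relies on the user fetching and running a fake Flash installer rather than on an exploit, the download itself leaves a trace in web proxy logs even when endpoint anti-virus misses the binary. The following is an added example, not code from the article or from any vendor it quotes: it scans constructed proxy log lines for Flash-installer-named executables served from hosts outside an assumed allowlist of Adobe domains. The log format, the allowlist, the `.example` hostnames and the filename pattern are all assumptions chosen for the illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log (not real traffic). Assumed format:
# timestamp client method url status content-type
SAMPLE_PROXY_LOG = """\
2017-10-24T10:01:12Z 10.0.3.14 GET http://get.adobe.com/flashplayer/ 200 text/html
2017-10-24T10:01:40Z 10.0.3.14 GET http://fpdownload.adobe.com/get/flashplayer/pdc/27.0.0.170/install_flash_player.exe 200 application/octet-stream
2017-10-24T10:05:03Z 10.0.3.22 GET http://news-site.example/article/123 200 text/html
2017-10-24T10:05:09Z 10.0.3.22 GET http://cdn-update.example/flash/install_flash_player.exe 200 application/octet-stream
2017-10-24T10:06:15Z 10.0.3.31 GET http://other-site.example/index.php 200 text/html
2017-10-24T10:07:30Z 10.0.3.40 GET http://adobe.com.cdn-mirror.example/install_flash_player.exe 200 application/octet-stream
"""

# Assumption: only these domains (and their subdomains) are legitimate Flash sources.
ADOBE_HOSTS = ("adobe.com", "macromedia.com")

# Filenames that look like a Flash Player installer (assumed pattern).
FLASH_INSTALLER = re.compile(r"(install_?)?flash.*player.*\.(exe|msi|dmg)$", re.IGNORECASE)

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3}) (?P<ctype>\S+)$"
)


def is_adobe_host(host):
    """True only for the allowlisted domains or their subdomains.

    Uses an exact match or a '.'-prefixed suffix match so that look-alike
    hosts such as 'adobe.com.cdn-mirror.example' or 'notadobe.com' do not pass.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ADOBE_HOSTS)


def parse_line(line):
    """Parse one proxy log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_fake_flash_downloads(log_text):
    """Return one record per Flash-installer-named download from a non-Adobe host."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlparse(rec["url"])
        filename = url.path.rsplit("/", 1)[-1]
        if not FLASH_INSTALLER.search(filename):
            continue
        if is_adobe_host(url.hostname or ""):
            continue
        hits.append({
            "ts": rec["ts"],
            "client": rec["client"],
            "host": url.hostname,
            "filename": filename,
        })
    return hits


if __name__ == "__main__":
    for hit in find_fake_flash_downloads(SAMPLE_PROXY_LOG):
        print(f"{hit['ts']} {hit['client']} fetched {hit['filename']} from {hit['host']}")
```

On the constructed log this flags the two clients that pulled `install_flash_player.exe` from `cdn-update.example` and from the look-alike `adobe.com.cdn-mirror.example`, while the genuine `fpdownload.adobe.com` download passes. The suffix check in `is_adobe_host` is the part worth getting right: a naive `"adobe.com" in host` test would let the look-alike host through.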
According to cyber-security experts, a small number of infections also appeared in Turkey and Germany. Because the malware spreads through shared systems that many computers depend on, early detection or prevention is hard to implement. The ransom note warns: "No one will be able to recover them without our decryption service".
It's not clear who's behind the outbreak, but the cybercriminals appear to be "Game of Thrones" fans.
With a ransom of just 0.05 bitcoin, this is the sort of amount that organizations might pay without thinking twice. Instead of the usual desktop, the user sees a black screen with red text stating that all files on the computer have been encrypted. To date, the systems attacked have mostly been confined to the Russian Federation and Ukraine.
F5 Networks Senior Systems Engineer Paul Dignan told Express.co.uk, "The Bad Rabbit infection is not captured by most common anti-virus solutions, which means users could be infected without knowing".