Skip to content

Hide Navigation Hide TOC

Bad Rabbit (e8af6388-6575-4812-94a8-9df1567294c5)

On October 24, 2017, Cisco Talos was alerted to a widescale ransomware campaign affecting organizations across eastern Europe and Russia. As was the case in previous situations, we quickly mobilized to assess the situation and ensure that customers remain protected from this and other threats as they emerge across the threat landscape. There have been several large scale ransomware campaigns over the last several months. This appears to have some similarities to Nyetya in that it is also based on Petya ransomware. Major portions of the code appear to have been rewritten. The distribution does not appear to have the sophistication of the supply chain attacks we have seen recently.

Cluster A Galaxy A Cluster B Galaxy B Level
EternalPetya (6f736038-4f74-435b-8904-6870ee0e23ba) Malpedia Bad Rabbit (e8af6388-6575-4812-94a8-9df1567294c5) Ransomware 1
Bad Rabbit (e8af6388-6575-4812-94a8-9df1567294c5) Ransomware NotPetya (00c31914-bc0e-11e8-8241-3ff3b5e4671d) Tool 1
EternalPetya (6f736038-4f74-435b-8904-6870ee0e23ba) Malpedia NotPetya (00c31914-bc0e-11e8-8241-3ff3b5e4671d) Tool 2