A number of cybersecurity groups -- including Kaspersky Labs and researchers at ESET and Proofpoint -- have stated that the attack was spread via a fake Adobe Flash update. And so far there have been reported cyberattacks on Russian media companies Interfax and Fontanka.ru. There have also been attacks on Ukraine's Odessa airport, the Kiev subway and Ukraine's Ministry of Infrastructure, though it's not immediately clear if they're all Bad Rabbit.
Once their computers are infected with the ransomware, users are sent to a darknet site that says they must pay 0.05 bitcoin (just over $281) in order to regain access to their encrypted files. They're given around 40 hours to make the payment before the price goes up, according to a countdown displayed on the site. Kaspersky Labs said in a post that it can't yet confirm that Bad Rabbit is related to NotPetya, which spread around the world earlier this year, but that it did use similar methods. However, ESET, a
Czech Republic-based Slovakia-based security company said that, like NotPetya, Bad Rabbit is a variant of the Petya ransomware. Petya, NotPetya and WannaCry all spread through multiple countries earlier this year.
As of now, it's unclear who is behind the attack.