The outbreak started when Bahmut.com.ua, a major Ukrainian news website, was infected with the ransomware, along with a dozen more sites.
An early vaccine has been released for the ransomware, which should prevent infection.
When Bad Rabbit infects a computer, it seizes files and demands a ransom. The warning advises against paying ransoms and, instead, encourages victims to report infections to the Federal Bureau of Investigation through the government's Internet Crime Complaint Center.
Victims of the Bad Rabbit ransomware include the Kiev Metro and Odessa International Airport in Ukraine, as well as Russian news agency Interfax and other media organisations. According to security company Eset, which published a blog post on Bad Rabbit, there are a number of Russian domains (.ru) that have been affected. "We're still studying the situation", Kaspersky Lab stated, referring to a major cryptoware attack which hit a number of companies in the Russian Federation and Ukraine back in June. The ransom message, in a red font on a black background, appears to be similar to one used in the NotPetya attacks this June.
Some, however, say that Bad Rabbit shares clear similarities.
"Unfortunately, ransomware is hard to totally prevent and there is no silver bullet for protecting against this type of attack".
Bad Rabbit spreads itself through downloads, requiring a target to take action to install the ransomware - which takes the form of a bogus Adobe Flash installer. On Tuesday, the United States Computer Emergency Readiness Team issued an alert about Bad Rabbit and encouraged victims to not pay the ransom. The firm also blocks the known Internet distribution points with its web protection technology and Sophos CryptoGuard stops the attack on any exposed endpoints using Sophos Intercept X.
One thing, however, is clear: Bad Rabbit's authors are fans of Game of Thrones. The ransomware code contains references to characters from the popular book and TV series like Grey Worm and Daenerys' dragons.
"For organizations to effectively defend against attacks like Bad Rabbit, they need to have instant visibility into which of their assets are susceptible to the attack", added Manoj Asnani, vice president of product and design at security specialist Balbix.
According to malware researcher James Emery-Callcott, the ransomware campaign is slowly dying down. "In that case, what we have seen is that a popup asking to download an update for Flash Player is shown in the middle of the page".