Bad Rabbit Dies but the Mystery Remains

The Bad Rabbit ransomware attack, first spotted on Tuesday, spread in a matter of hours and hit machines mostly in Russia. It now appears to be over.

Investigators and research teams have concluded that Bad Rabbit shares some code with the earlier ransomware variants Petya and NotPetya, but they cannot be sure the same group or groups are behind all of the attacks.

Group IB, the Russian security firm, stated in a blog post that the code "suggests a link between Bad Rabbit and Black Energy campaigns." Black Energy is the Trojan used by Sandworm, the Russian nation-state attack group thought to be behind the cyberattacks on Ukraine's electrical utility and also believed to have carried out NotPetya. But Bad Rabbit did not propagate in the same manner as the Petya and NotPetya ransomware attacks.

While the previous two ransomware campaigns relied more on exploits and supply-chain attacks to distribute their malware surreptitiously, Bad Rabbit relied on old-school credential theft and reuse to move between machines and did not exploit any vulnerabilities on victim systems.

Bad Rabbit spread quickly and for a short period of time in an apparent attempt to do the most damage. The ransomware demanded 0.05 Bitcoin, or about $285 at the time, from each infected victim. It hit hundreds of government, media, transportation, and other targets in 15 countries, including Russia's Interfax news agency and Fontanka, and Ukraine's Kiev Metro, Odessa International Airport, and its ministries of infrastructure and finance.

According to data from security firm Avast, Russia was the most affected country, representing 71% of the firm's detections, followed by Ukraine at 14% and Bulgaria at 8%.

The dangerous aspect of Bad Rabbit is that it managed to infect critical infrastructure (a subway system, an airport, and government institutions) in a short timeframe, which indicates a well-coordinated attack…