Bad Rabbit uses EternalRomance SMB SMB RCE exploit to spread across victims’ networks. NotPetya, also known as ExPetr and Nyetya also leveraged the NSA’s leaked NSA exploit. Ransomware was distributed via drive-by download attacks via compromised Russian media sites, using fake Adobe Flash players installer to lure victims’ into installing malware unwittingly and demanding 0.05 bitcoin (~ $285) from victims to unlock their systems. Users are advised to disable WMI service to prevent the malware from spreading over your network.
Source: https://thehackernews.com/2017/10/bad-rabbit-ransomware.html