Bad Rabbit Ransomware Sweeps Across Europe And Russia Infecting Media Outlets, Airports
Oct 25 2017 by Kate Woods
A new kind of malware hit Eastern European countries such as Russia, Ukraine, Bulgaria, and Turkey yesterday.
The Slovak antivirus company ESET reported that the metro system in Kiev, the Ukrainian capital, and the main airport in Odessa, another large Ukrainian city, had been hit by the ransomware. One cybersecurity company said the malware had been detected in other countries, including the U.S. At the moment, the Russian Federation and Ukraine appear to be the most heavily affected countries. At the end of June, a ransomware attack caused by the NotPetya virus, which began in the Russian Federation and Ukraine, affected thousands of computers around the world. Two major global attacks earlier this year, NotPetya and WannaCry, caused widespread disruption affecting businesses, government institutions and hospitals.
The cybersecurity firm has advised users to back up their data and not to pay the ransom. Interfax was forced to publish to its Facebook page during the outage, since its servers were taken offline for a number of hours. Bad Rabbit is moving through networks in Russia, Turkey, and Bulgaria, locking down computers and demanding Bitcoin payment to regain access.
Bad Rabbit is a suspected variant of the recent "Petya" ransomware that sparked disruption across Europe, according to a number of experts, including the U.S. Computer Emergency Readiness Team (US-CERT).
"We report that the IT system of Odessa worldwide airport has been hit by a hacker attack".
Eastern Europe has been hit by a ransomware attack that infects victims when they run what appears to be an Adobe Flash update, Kaspersky Labs reported on Tuesday.
It has been dubbed Bad Rabbit, but this ransomware attack is potentially more costly than any swarm of killer bunnies your imagination could conjure up. A malicious file called infpub.dat appears to be able to use the credentials it collects to spread Bad Rabbit to other Windows computers on the same local network, Kaspersky Labs' blog post added. "Some of the strings used throughout the code are the names of different characters from this series (e.g. Grey Worm, Drogon)." What's more, both of those ransomware families were executed via the Windows Management Instrumentation Command-line (WMIC), a Windows administration tool, in addition to Mimikatz, a credential-extraction tool. In the NotPetya case, if the tainted accounting-software update was downloaded and installed, it provided attackers with a backdoor onto the system through which they could launch NotPetya (see NotPetya Patient Zero: Ukrainian Accounting Software Vendor). "Fake Flash updates are an incredibly popular method of distributing malware these days."
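The indicators named above (a fake Flash installer launched from a browser, a process referencing infpub.dat, remote execution through WMIC, and Mimikatz-style tooling) are the kind of thing a defender turns into detection logic over process-creation telemetry. The script below is an added example written for this page, not code from Kaspersky, ESET or any other source the article cites. It assumes a simplified tab-separated process-creation record (timestamp, host, user, parent image, image, command line), an allowlist of admin hosts from which remote WMIC use is expected, and a set of browser names; the sample log lines are constructed, and the installer name in them is made up.

```python
"""Flag process-creation events matching the Bad Rabbit tradecraft described in the article.

Constructed example: the log format, the admin-host allowlist and the sample
events are assumptions made for illustration, not real telemetry.
"""
import re
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class ProcEvent:
    ts: str
    host: str
    user: str
    parent: str   # full path of the parent process image
    image: str    # full path of the created process image
    cmdline: str


def parse_event(line: str) -> ProcEvent:
    """Parse one tab-separated process-creation record (constructed format)."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 6:
        raise ValueError(f"expected 6 tab-separated fields, got {len(fields)}: {line!r}")
    return ProcEvent(*fields)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is_user_writable(path: str) -> bool:
    """Heuristic: user profile and temp directories are where drive-by downloads land."""
    p = path.lower()
    return p.startswith("c:\\users\\") or "\\temp\\" in p


# Assumption: interactive remote WMIC administration only happens from a jump host.
ADMIN_HOSTS = {"ADMIN-JUMP01"}
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}


def rule_infpub(e: ProcEvent) -> bool:
    # The article names infpub.dat as the component that spreads Bad Rabbit.
    return "infpub.dat" in e.cmdline.lower()


def rule_wmic_remote(e: ProcEvent) -> bool:
    # WMIC addressing another machine (/node:) from an ordinary workstation.
    return (_basename(e.image) == "wmic.exe"
            and re.search(r"/node:", e.cmdline, re.I) is not None
            and e.host not in ADMIN_HOSTS)


def rule_mimikatz(e: ProcEvent) -> bool:
    # Credential-extraction tooling named as-is; renamed copies need other telemetry.
    return "mimikatz" in (e.image + " " + e.cmdline).lower()


def rule_fake_flash(e: ProcEvent) -> bool:
    # A "Flash" installer written to a user directory and launched by a browser.
    b = _basename(e.image)
    return ("flash" in b and b.endswith(".exe")
            and _is_user_writable(e.image)
            and _basename(e.parent) in BROWSERS)


RULES: list[tuple[str, Callable[[ProcEvent], bool]]] = [
    ("infpub-dat-reference", rule_infpub),
    ("wmic-remote-node", rule_wmic_remote),
    ("mimikatz-tooling", rule_mimikatz),
    ("fake-flash-installer", rule_fake_flash),
]


def detect(lines: Iterable[str]) -> list[tuple[str, str, str]]:
    """Return (host, rule name, image basename) for every rule each event trips."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        e = parse_event(line)
        for name, pred in RULES:
            if pred(e):
                hits.append((e.host, name, _basename(e.image)))
    return hits


# Constructed sample events: one benign browser start, then the infection chain
# on WS-017, one allowlisted admin WMIC use, and a credential-dumper launch.
SAMPLE_EVENTS = [
    ("2017-10-24T13:02:11Z", "WS-017", "jdoe", r"C:\Windows\explorer.exe",
     r"C:\Program Files\Mozilla Firefox\firefox.exe", "firefox.exe"),
    ("2017-10-24T13:05:40Z", "WS-017", "jdoe", r"C:\Program Files\Mozilla Firefox\firefox.exe",
     r"C:\Users\jdoe\Downloads\flash_player_update.exe", "flash_player_update.exe"),
    ("2017-10-24T13:05:42Z", "WS-017", "jdoe", r"C:\Users\jdoe\Downloads\flash_player_update.exe",
     r"C:\Windows\System32\rundll32.exe", r"rundll32.exe C:\Windows\infpub.dat,#1"),
    ("2017-10-24T13:06:10Z", "WS-017", "jdoe", r"C:\Windows\System32\rundll32.exe",
     r"C:\Windows\System32\wbem\WMIC.exe", r'wmic.exe /node:WS-018 process call create "..."'),
    ("2017-10-24T13:07:00Z", "ADMIN-JUMP01", "admin", r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\wbem\WMIC.exe", "wmic.exe /node:WS-020 os get caption"),
    ("2017-10-24T13:08:30Z", "WS-017", "jdoe", r"C:\Windows\System32\cmd.exe",
     r"C:\Users\jdoe\AppData\Local\Temp\mimikatz.exe", "mimikatz.exe"),
]
SAMPLE_LOG = ["\t".join(fields) for fields in SAMPLE_EVENTS]

if __name__ == "__main__":
    for host, rule, image in detect(SAMPLE_LOG):
        print(f"{host}\t{rule}\t{image}")
```

The allowlist is what keeps the WMIC rule from paging on every administrator: in this sample the remote WMIC call from ADMIN-JUMP01 is ignored while the same tool launched from a workstation by a process descended from the fake installer is flagged. Each rule is deliberately narrow and string-based; a renamed Mimikatz or a dropper that avoids the word "flash" slips past it, so these are triage hints to feed an investigation, not a complete control.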