A major ransomware attack is hitting computers in Russia and Ukraine, bearing similarities to the the massively damaging NotPetya outbreak in June.
The self-titled “Bad Rabbit” malware encrypts data on infected machines before demanding a payment of 0.05 bitcoin for the decryption key. The ransom demand is phrased similarly to that of June’s outbreak, and researchers at Russian security firm Kaspersky say that the malware uses “methods similar to those used” during the NotPetya attack, and that a network of hacked sites initially linked to NotPetya in July was now being used to host secondary distribution channels for Bad Rabbit.
Cybersecurity experts said that the ransomware apparently posed as an Adobe update before locking down computers and demanding money for people to get their files back.
On October 24, the virus attacked Russian media outlets Interfax and Fontanka, and transportation targets in Ukraine including Odessa’s airport, Kiev’s subway and the country’s Ministry of Infrastructure of Ukraine. Interfax confirmed its servers had gone down for 24 hours due to a cyberattack. On the morning of October 25, it transpired that Russian banks had also been targeted but, were not compromised.
Cybersecurity firm ESET also identified cases of Bad Rabbit in Japan and Bulgaria. Another company, Avast, says the ransomware has been detected in the US.
Researchers say Bad Rabbit doesn’t use EternalBlue, the Windows exploit that was leaked in a batch of hacking tools believed to belong to the US National Security Agency. The NotPetya and WannaCry ransomware attacks did use EternalBlue.