New cyber attack hits Russian Federation and Ukraine
Bad Rabbit, as the outbreak is being dubbed, is primarily attacking targets in the Russian Federation, but it’s also infecting computers in Ukraine, Turkey and Germany, researchers from Moscow-based Kaspersky Lab said. It has also been detected in other countries including the U.S., Germany and Japan.
Lorenzo Franceschi-Bicchierai reporting in Motherboard: “Once [the malware] infects a computer, Bad Rabbit displays a message in red letters on a black background, an aesthetic used in the massive NotPetya ransomware outbreak.” Your files have been encrypted.
When Bad Rabbit infects a computer, it seizes files and demands a ransom. It did not identify any USA victims but advised the public to refrain from paying ransoms and report any infections to the Federal Bureau of Investigation through the government’s Internet Crime Complaint Center. The firm told Motherboard that an airport in Odessa, the Kiev subway, and the Ministry of Infrastructure of Ukraine had all been affected by a “new mass cyberattack”.
A new ransomware is breaking into hard-to-crack media outlets, subway systems, and airports in Europe, particularly Ukraine and the Russian Federation. There have also been reports of the virus hitting Poland and South Korea. The ransom note is nearly identical to the one used by NotPetya in the June outbreak.
Experts said there were clear links between the two viruses.
“All signs indicate that this is a target attack against corporate networks”, TASS cited Kaspersky as saying.
According to researchers from security firm Kaspersky, the majority of targets thus far have been in the Russian Federation, but it has also infected people in Germany, Ukraine, and Turkey.
“Victims download a fake Adobe Flash installer from infected websites and manually launch the .exe file, thus infecting themselves. First, it scans internal network for open SMB shares,” the ESET analysis reads.
Jakub Kroustek, Malware Analyst at Avast, said: “We’re classifying Bad Rabbit as malware, with code resembling NotPetya”. But considering that the attack is by the same authors as Petya, we could see the ransomware spread to other parts of the world.
Game of Thrones fans may be bemused to learn that three routines carried out by the malware are named Drogon, Rhaegal and Viserion, after three dragons in the series. What’s more, both of those ransomware strains were activated via the Windows Management Instrumentation Command-Line, a device manager tool, in addition to Mimikatz, a password and data mining tool.
According to malware researcher James Emery-Callcott, the ransomware campaign is slowly dying down.
Kaspersky discovered that NotPetya and BadRabbit were similarly present on dozens of hacked websites.
If you get a prompt to update Adobe Flash while browsing online any time soon – be careful.