BadRabbit Hits Russia, Ukraine

A ransomware campaign called BadRabbit has hit Russia’s Interfax news agency and caused flight delays at Odessa airport in Ukraine. It follows similar attacks in May and June that caused billions in damages.

Over half of the targets of the BadRabbit malware on Tuesday were in Russia, while others were in Ukraine, Bulgaria, Turkey and Japan, according to US-based cyber security firm ESET. There were some reports that computers in Germany had also been targeted, DW reported.

ESET’s Robert Lipovsky said the attacks were disturbing because they quickly infected critical infrastructure, which indicated they were part of a “well-coordinated” campaign.

The BadRabbit ransomware is a virus which locks up infected computers and sends messages to victims to pay a ransom to restore access.

One of the targets, Russia’s major news agency Interfax, said some of its services had been hit by the attack but expected them to be back online by the end of the day. However, by 11 p.m. local time it had not yet resumed service, and its internet site remained inaccessible. Two other news sites, one of which is based in St. Petersburg, were also reported to have gone offline.

“Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the [NotPetya] attack,” the Moscow cyber security and anti-virus provider Kaspersky Lab said in a statement.

BadRabbit appeared to spread in a similar manner to the malware NotPetya virus, which infected Ukrainian government agencies and businesses in June. NotPetya spread across the corporate networks of multinationals with operations or suppliers in Eastern Europe.

The motives of that virus became unclear after researchers found there was no way for victims to recover their files, even if they paid a ransom. It appeared to be designed to cause maximum disruption to the operators of the targeted computer systems.