Bad Rabbit Ransomware Hits Russia And Ukraine

Ransomware is wreaking havoc through Russia, Ukraine and potentially further afield, in a breakout similar to WannaCry and NotPetya.

The malware dubbed Bad Rabbit has so far affected three Russian websites, according to cyber threat intelligence firm Group-IB.

While Reuters reported that an underground railway in the Ukraine capital Kiev and an airport in the nation have also been affected by the Bad Rabbit ransomware.

Infected machines display a red-on-black message that requests victims login to a website hidden on the Tor network and make a payment of 0.05 Bitcoins, which is currently around £214. Victims have to pay up within around 40 hours if they want to have their files decrypted or the price goes up.

At the time of writing, there is no indication of who is behind the attacks and the number of organisations and people affected by it.

Bad Rabbit ransomware

Cyber security firm ESET noted that the malware that affected the Kiev station is a variant of the infamous Petya ransomware, which NotPetya – also known as ExPetya –  was also derived from.

ESET’s research and that of cyber security firm Kaspersky also uncovered that the malware has been spread through a fake Adobe Flash Player Installer hidden on booby-trapped legitimate websites.

The problems with Bad Rabbit is that is was not detected by a lost of anti-virus and security software as malicious.

And according to Christiaan Beek, lead scientist at McAfee, noted Bad Rabbit encrypts a variety of common files, such as .doc and .jpg files.

So far the Bad Rabbit campaign does not appear to be as widespread as the WannaCry and NotPetya campaigns.

“According to our data, most of the victims targeted by these attacks are located in Russia. We have also seen similar but fewer attacks in Ukraine, Turkey and Germany,” said Vyacheslav Zakorzhevsky, head of the anti-malware research team at Kaspersky Lab.

This ransomware infects devices through a number of hacked Russian media websites. Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the ExPetr attack. However we cannot confirm it is related to ExPetr. We continue our investigation.”

With this in mind it would appear there is more research needed before the extend of the Bad Rabbit spread, its source and its targets can be identified with some certainty.

Quiz: What do you know about cyber security in 2017?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Google Increases Concessions, Amid CMA Oversight Of Cookie Removal

Google expands data pledges to address concerns of British competition regulator, overseeing tech giant's removal…

23 hours ago

India Moves To Ban Private Cryptocurrencies

India is to launch its own official digital currency, but will also ban private cryptocurrencies…

1 day ago

Google To Pay Millions To Ireland In Back Taxes

Google is to pay £183m in back taxes to the Irish government, in line with…

1 day ago

Orange CEO Resigns After Court Conviction

Stephane Richard steps down from his CEO and chairman positions of French mobile giant Orange,…

2 days ago

Apple To Use Own iPhone 5G Modem Design In 2023 – Report

Bad news Qualcomm. Team up with TSMC will see Apple utilise its own 5G modems…

2 days ago