‘BadRabbit’ Malware Targets Russia

A new malware campaign dubbed “BadRabbit” infected computer systems in Russia and other countries on Tuesday (Oct. 24), reported Reuters.

According to the news report, the malware impacted the Russian Interfax news agency and was to blame for flight delays in Ukraine. The U.S. government issued a warning about BadRabbit, even though no major outages were reported.

BadRabbit is a ransomware attack that locks up computers and demands a ransom payment to restore the systems. The May and June attacks used similar malware and resulted in losses that some economists estimated to be as high as billions of dollars. The government advised U.S. victims not to pay the ransoms and to report the attack to the FBI via its Internet Crime Complaint Center, noted the report.

Robert Lipovsky, a malware researcher with cybersecurity firm ESET, told Reuters the attacks were concerning because they infected critical infrastructure, such as transportation, which indicated that it was a well-coordinated attack. More than half of the impacted systems were in Russia, followed by Ukraine, Bulgaria, Turkey and Japan, according to ESET. In Ukraine, a spokesman for the Odessa airport said that some flights were delayed because passenger data had to be processed manually. Meanwhile, the Kiev Metro’s payment system was hacked, but it didn’t impact trains.

Kaspersky Lab, the Russian cybersecurity firm, told Reuters that BadRabbit seems to have spread the same way the NotPetya virus spread in June. In that attack, many Ukrainian government agencies and businesses were taken offline. That virus then spread to companies in Eastern Europe, noted Reuters. The main target in that attack appeared to be Ukraine, with the other 59 countries being casualties. Kaspersky Lab and prominent cybersecurity guru Matt Suiche both came to this conclusion within 24 hours of the attack, and it gels with officials’ gut instincts.

“All of this was done under the guise of financial gain, but in reality, the purpose was to destabilize the situation inside our country,” said Vasyl Hrytsak, head of the Security Service of Ukraine. NotPetya used an update from Ukrainian accounting software company MeDoc as its Trojan horse in order to get around firewalls.