The Bad Rabbit ransomware is spreading across Europe not long after the WannaCry and NotPetya outbreaks. But Bad Rabbit is a “targeted attack” with widespread implications.
A new cyber attack is affecting numerous computer systems around Europe. The new strain of ransomware known as “Bad Rabbit” is believed to be behind all of the trouble. Bad Rabbit has spread to Russia, Ukraine, Turkey, and Germany. Cybersecurity firm Kaspersky Lab, which is monitoring the malware, has compared it to the WannaCry and Petya attacks that caused so much chaos earlier in the year.
According to the Kaspersky Lab, the majority of victims are located in Russia, and the ransomware appears to have infected devices through the hacked websites of Russian media organizations. Interfax and Fontanka in Russia have both been hit by a cyber attack, as have Odessa Airport and the Kiev Metro in Ukraine.
“Based on our investigation, this is a targeted attack against corporate networks, using methods similar to those used in the ExPetr attack,” Kaspersky Lab has said. “However, we cannot confirm it is related to ExPetr.” According to Secure Lst, ExPetr is a wiper, not ransomware. “The dangerous aspect is the fact that it was able to infect many institutions which constitute critical infrastructure in such a short timeframe,” says Robert Lipovsky, a malware researcher at ESET, “which indicates a well-coordinated attack.”
Kaspersky also found strong evidence tying the new attack to the creators of NotPetya. After the June NotPetya outbreak, the company’s analysts found that one Ukrainian news site, Wired, had been hacked to deliver the malware, along with dozens of other sites that were similarly corrupted—but hadn’t yet been activated to start infecting victims. Now Kaspersky has found that 30 of those hacked sites began to distribute the BadRabbit malware on Tuesday. –
“This indicates that the actors behind ExPetr/NotPetya have been carefully planning the BadRabbit attack since July,” writes Costin Raiu, the director of Kaspersky’s global research and analysis team, in a note to Wired.
The cyber criminals behind Bad Rabbit are locking computers down and demanding 0.05 Bitcoin (roughly $277 at the time of this article’s construction) from victims, in exchange for the restoration of their devices. However, security experts always advise people against paying the ransom. This is because it encourages more attacks, and there’s no guarantee the attackers will actually honor their word and remove the malware from your device once you’ve paid the fee.
According to the Bad Rabbit ransom screen, the demanded fee will rise in the near future too. NotPetya took down a number of Ukrainian government agencies and businesses in June, before spreading rapidly through corporate networks of multinationals with operations or suppliers in eastern Europe. According to Wire, Bad Rabbit is linked to NotPetya.