A strain of ransomware has seized computer systems used by a handful of Russian media outlets and the Ukrainian transportation sector amid a wave of cyberattacks affecting victims across Eastern Europe.
Dubbed “BadRabbit,” the virus claimed victims Tuesday including Russian newswire Interfax and Ukraine’s Odessa International Airport, among others, according to multiple news reports and cybersecurity experts.
“Oops! Your files have been encrypted!” read the beginning of a message displayed on hacked Interfax computers Tuesday, according to Group-IB, a Moscow-based cybersecurity firm monitoring the cyberattack.
“If you see this text, your files are no longer accessible,” the message continued. “You might have been looking for a way to recover your files. Don’t waste your time. No one will be able to recover them without our decryption service. We guarantee that you can recover all your files safely. All you need to do is submit the payment and get the decryption password.”
Hacked computers directed users to a website where victims are asked to pay a ransom in digital currency worth about $280 as of Tuesday afternoon.
The ransomware’s victims include at least three Russian media outlets, Group-IB said Tuesday without naming them. Interfax, St. Petersburg-based news site Fontanka and 47news, a news site serving Russia’s Leningrad region, all independently reported suffering cybersecurity issues that same day.
“Interfax Group’s servers have come under a hacker attack. The technical department is taking all measures to resume news services. We apologize for inconvenience,” said Interfax, a privately-owned newswire with over 1,000 employees.
Security firms including Group-IB, ESET and Kaspersky Lab independently linked BadRabbit to cyberattacks suffered Tuesday by Odessa airport, the Kiev Metro system and the Ukrainian Ministry of Infrastructure.
The Odessa airport reported that its “information system” malfunctioned Tuesday afternoon and said that “airport services are working in a reinforced security regime.” The Kiev Metro, meanwhile, said an unspecified cyberattack had affected certain payment services used for ticketing.
The Computer Emergency Response Team of Ukraine, CERT-UA, issued a warning Tuesday acknowledging “a possible start of a new wave of cyberattacks to Ukraine’s information resources,” citing both the Odessa and Kiev infections but without mentioning the ransomware strain.
ESET, based in the Czech Republic, said it linked the ransomware Tuesday to “hundreds” of infections in Russia, Ukraine, Turkey and Bulgaria.
“The dangerous aspect is the fact that it was able to infect many institutions which constitute critical infrastructure in such a short timeframe … which indicates a well-coordinated attack,” Robert Lipovsky, a malware researcher at ESET, told Wired.
Both ESET and Kaspersky, a Moscow-based antivirus vendor, said they found similarities between BadRabbit and previous ransomware strains discovered in 2017 and 2017 dubbed Petya and NotPetya, respectively.
The FBI received 2,673 complaints involving ransomware in 2016 totaling over $2.4 million in losses, according to a June report published by the bureau’s Internet Crime Complaint Center (IC3). The FBI typically advises ransomware victims against paying cybercriminals.
• Andrew Blake can be reached at ablake@washingtontimes.com.