New cyberattack hits Russia, Ukraine
October 25, 2017Over half of the targets of the BadRabbit malware on Tuesday were in Russia, while others were in Ukraine, Bulgaria, Turkey and Japan, according to US-based cybersecurity firm ESET. There were some reports that computers in Germany had also been targeted.
ESET's Robert Lipovsky said the attacks were disturbing because they quickly infected critical infrastructure, which indicated they were part of a "well-coordinated" campaign.
The BadRabbit ransomware is a virus which locks up infected computers and sends messages to victims to pay a ransom to restore access.
One of the targets, Russia's major news agency Interfax, said some of its services had been hit by the attack but expected them to be back online by the end of the day. However, by 11 p.m. local time (1900 UTC) it had not yet resumed service, and its internet site remained inaccessible. Two other news sites, one of which is based in St. Petersburg, were also reported to have gone offline.
"Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the [NotPetya] attack," the Moscow cybersecurity and anti-virus provider Kaspersky Lab said in a statement.
BadRabbit and NotPetya
BadRabbit appeared to spread in a similar manner to the malware NotPetya virus, which infected Ukrainian government agencies and businesses in June.
NotPetya spread across the corporate networks of multinationals with operations or suppliers in Eastern Europe. The motives of that virus became unclear after researchers found there was no way for victims to recover their files, even if they paid a ransom. It appeared to be designed to cause maximum disruption to the operators of the targeted computer systems.
Odessa airport, Kyiv metro hit
Data was processed manually at Odessa airport in Ukraine throughout Tuesday, causing flight delays. The airport said via its Facebook page that its "information system" stopped working in the afternoon.
"We report that the IT system of Odessa international airport has been hit by a hacker attack. All services of the airport are working in a stricter mode," the airport said in a statement.
The payment system for Kyiv's metro transport network was also hacked, but trains continued to run normally.
Ukraine's banking services, which had been hit in previous attacks, were unaffected according to the central bank.
Further questions
The US Department of Homeland Security issued a warning, advising people not to pay ransoms and to report any infections to the Federal Bureau of Investigation through the government's Internet Crime Complaint Center.
Earlier in the month, Ukraine's state-run Computer Emergency Response Team (CERT) had warned of another viral attack and called for people to increase cybersecurity.
"We ask the owners of telecommunication systems, other information resources, transport infrastructure first of all, as well as ordinary internet users, to comply with stricter cybersecurity requirements," CERT-Ukraine said in a statement on October 13.
Who launched the attack and why were questions that remained unanswered on Tuesday night. Experts were considering the possibilities of a state-sponsored targeted attack, or a plot to make money.
jm/cmk (Reuters, AFP)