A new ransomware outbreak has been detected attacking Russia, Ukraine and other countries in Eastern Europe.
The malware is hitting media companies across the continent, and three have confirmed the attack at the time of writing.
Dubbed Bad Rabbit, the malware has attacked Interfax (a news agency), and a Ukrainian airport in Odessa. Russian security firm Group-IB has also confirmed that this, in fact, is a ransomware. The message victims get, as well as the aesthetic used to present the message, highly resembles NotPetya.
There are still no clues as to who might be behind the attack. What we do know so far is that the attackers are demanding payment of 0.05 bitcoin, currently worth £213.
Commenting on the attack, Amichai Shulman, CTO at Imperva said: "At the end of the day, all Ransomware is basically the same. Hackers via the ransomware malware are making files unavailable to users and as a consequence disrupt the operations. As long as the infection and effect of the Ransomware is constrained to end points, the damage to organizations should be minimal. That is key.”
Security researchers have confirmed (opens in new tab) that Bad Rabbit spread through a fake Adobe Flash Player installer. The malware seems to have been distributed via booby-trapped legitimate sites, “all of which were news or media websites”.
“Some might say – why after WannaCry and NotPetya are systems still unpatched?” Shulman continues. “The issue of patching is irrelevant when looking at a potentially self-replicating malware like Bad Rabbit because in any large network there will be some unpatched devices. By protecting file servers (e.g. deploying File Firewall solutions) rather than focusing on endpoints organizations can minimize the effect of such incident and avoid disruption to business."
Image Credit: WK1003Mike / Shutterstock