A new ransomware attack dubbed "Bad Rabbit" is sweeping Russia and Ukraine, among other Eastern European countries, according to several reports.
It's too early to tell how far-reaching the event will be, or who has been hit so far, but a series of reports concerning attacks on Ukrainian transportation and infrastructure has alarms blaring.
Russian cybersecurity firm Group-IB reports that at least three Russian media outlets have been attacked, and that the attack also counts "state institutions and strategic objects in Ukraine as its victims". The firm told Motherboard that an airport in Odessa, the Kiev subway, and the Ministry of Infrastructure of Ukraine had all been affected by a "new mass cyberattack".
Russian news agency Interfax announced via Twitter that it was working to restore its systems after hackers took down its servers.
Once infected, victims are directed to a Tor-hidden website where a ransom of 0.05 Bitcoin is demanded (about $364 at the time of writing). If the ransom is not paid within roughly 40 hours, the cost of decrypting the lost data is increased. The ransom message, red text on a black background, appears to be similar to one used in the NotPetya attacks this June.
According to the Moscow-based Kaspersky Lab, Bad Rabbit infections have been detected in Turkey and Germany as well. "Based on our investigation, this is a targeted attack against corporate networks, using methods similar to those used in the [NotPetya] attack," the firm reported. "However, we cannot confirm it is related to [NotPetya]. We continue our investigation."
The Czech cybersecurity firm ESET said in a blog post that the attack on the Kiev Metro systems was a variant of the Petya ransomware upon which NotPetya was also based - though NotPetya was eventually determined to be wiper malware, designed to permanently damage data, not collect ransom.
According to ESET, the attack has also spread to Bulgaria and other countries.