Sunday, Jul 03, 2022

'Bad Rabbit': Fresh Ransomware Spreads Across Europe

A cyber attack hit a Ukrainian international airport and three Russian media outlets today just four months after the "NotPetya" malware spread from two countries across the world.

Cybersecurity experts said the computer virus also appeared to have spread to Turkey and Germany as the day progressed -- but that its size appeared to be relatively small.

Ukraine's Odessa International Airport said on Facebook that its "information system" stopped functioning in the afternoon.

"All airport services are working in a reinforced security regime," the airport said without elaborating.

Its website showed air traffic going in and out of the Black Sea resort city according to schedule.

Russia's Interfax news agency -- one of the country's biggest -- also sent its last dispatch at 2:13 pm (1113 GMT) before falling silent.

A cyber security expert told AFP that the Fontanka news site in Russia's second city of Saint Petersburg and a third media outlet "whose name, unfortunately, we cannot reveal at this time" had also gone off line.

"We cannot say what it is at the moment," Yevgeny Gukov of the Group-IB IT security firm said in Moscow.

Gukov said the malware appeared to be using an encryption scheme that prevented analysts from deciphering the malicious code.

He said it went by the codename "Bad Rabbit" but needed to be analysed further.

A statement later issued by Kaspersky Lab said the attack appeared to have originated in Russia before also affected some corporate sites in Turkey and Germany.

"This ransomware infects devices through a number of hacked Russian media websites," it said in a statement.

"Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the (NotPetya) attack."

The July "NotPetya" attack was a modified version of the "Petya" ransomware that hit last year and demanded money from victims in exchange for the return of their computer data.