24-Oct-2017: BadRabbit Ransomware Attacks Hit Russia, Ukraine

A ransomware attack has put a halt to business inside a handful of Russian media outlets and a number of major organizations in the Ukraine, including Kiev’s public transportation system and the country’s Odessa airport.

The attacks are known as Bad Rabbit and harken back to the ExPetr/NotPetya attacks of this summer which also concentrated in Ukraine and Russia, but instead spread wiper malware used in the Petya attacks of 2016.

This ransomware infects devices through a number of hacked Russian media websites. This has been a targeted attack against corporate networks, using methods similar to those used during the ExPetr attack.

ExPetr emerged in late June and was quickly scrutinized as more dangerous than WannaCry, which spread globally just a month earlier. Like WannaCry, the attackers behind ExPetr used the leaked NSA exploit EternalBlue to spread the malware. In the early hours of the attack, Danish shipping giants Maersk and Russian oil company Rosneft were reporting infections and impacts to their respective businesses. It was eventually determined that ExPetr was not a ransomware attack, but a wiper.