Massive New Ransomware Attack Hits Eastern Europe

October 25, 2017 by Paul Ausick

A new variation of the “NotPetya” ransomware that hit thousands of government and private computer systems in June has been reported to have struck hundreds of targets in Eastern Europe. The attack was aimed primarily at Russia and Ukraine, but systems in Bulgaria, Germany and Turkey have also been affected.

CNN reported that the attack, posing as an updater to the Adobe Flash program, has also been detected in the United States and Japan.

The new malware has been dubbed “Bad Rabbit” and uses the same code base as the NotPetya attack. A disk encryption module installs a modified bootloading program that prevents the normal booting process in an infected machine.

When a user tries to boot an infected machine, the malware displays a screen message demanding payment in order to decrypt and release the files. The U.S. Computer Emergency Readiness Team (US-CERT) discourages individuals and organizations from paying the ransom because payment does not guarantee that access will be restored.

Among the most high-profile targets thus far are major news outlets such as Russia’s Interfax Agency, and Ukraine’s Kiev Metro, its Odessa International Airport, and ministries of infrastructure and finance, according to a report at Dark Reading.

If there is a bit of good news, cybersecurity experts do not expect Bad Rabbit to cause as much damage as the Petya, NotPetya and WannaCry ransomware attacks that struck earlier this year. A researcher at security vendor ESET said:

Considering the infection capabilities we discovered in the samples, spreading outside Ukraine is theoretically possible but much less likely than in the June NotPetya case, due to the lack of EternalBlue spreading mechanism.

The earlier malware attacks used an exploit called “Eternal Blue” that is believed to have been developed by the U.S. National Security Agency and was leaked online in April by a hacker group that calls itself the Shadow Brokers. Bad Rabbit does not have the worm-like code used by Eternal Blue, instead employing hard-coded stolen credentials to perform its dirty work.
