A new ransomware attack named BadRabbit is spreading across Russia and Ukraine damaging various news agencies and transportation systems. On Tuesday, the security community started tracking a new outbreak of ransomware which has affected hundreds of computers in Russia.
The new outbreak is targeting media companies in Russia, Ukraine’s Odessa International Airport, corporate networks and computer systems for the Kiev Metro. It has also been detected in other countries such as Japan, U.S., Bulgaria, Germany, and Turkey, according to security firms including ESET and Kaspersky.
The ransomware, dubbed “BadRabbit,” the virus is the latest example of cyber attackers which functions like a conventional ransomware, encrypting victims’ computers system and extorting money. It infects a victims’ computer and grabs files and demands a ransom. Higher authorities and government agencies are warning victims not to make payment saying that there is no guarantee they will get their files back.
Cybersecurity firm Kaspersky found that both Petya and BadRabbit emerged on several of the same hacked websites. Both spread through the Windows Management Instrumentation Command-line, a scripting interface for managing systems and applications in a network, and Mimikatz, a tool for extracting passwords and other credential data from computer.
It’s not clear who’s behind the outbreak, but the cybercriminals appear to be “Game of Thrones” fans. Security agencies found the references to characters from the popular book and TV series like Daenerys’ dragons and Grey Worm in the ransomware code.
A researcher from Cybereason suggested a “vaccine,” which can protect machine from attacks.