Skip to Content
Uncategorized

A New Strain of Ransomware Is Hitting Eastern Europe

October 24, 2017

Malware called BadRabbit is bouncing between networks in Russia, Ukraine, Turkey, and Bulgaria, demanding Bitcoin payment in exchange for decryption of files.

Reuters reports that Odessa airport (pictured above) and the metro system in Kiev, both in Ukraine, have been hit by the malware. Russian cybersecurity firm Group-IB says that at least three of the nation’s media organizations have been hit. Security researchers at ESET claim to have spotted instances of the attack in Bulgaria and Turkey. More attacks will no doubt be mentioned on Twitter as they're discovered.

In each case, users are presented with a black-and-red screen of text demanding a payment of 0.05 bitcoin (about $280, for now) in order for their files to be decrypted. A timer claims that the ransom will increase after 40 hours.

The BadRabbit ransomware appears to spread via a fake Adobe Flash Player installer, according to researchers at security firm Proofpoint, seemingly using a Windows flaw known as EternalBlue that was identified by and leaked from the NSA and has now been used in several malware attacks. Once on a computer, says a staff member of the security firm McAfee, BadRabbit can encrypt a bunch of common file types, including Microsoft Office documents and image files.

Sound familiar? Well, the attack carries many echoes of recent ransomware schemes, such as NotPetya and WannaCry. So far, though, opinion is divided over whether BadRabbit is connected to previous attacks: ESET says it may be a variant of not NotPetya, while Kaspersky says it can’t say with certainty.

One thing is for sure: like other recent malware attacks, it’s causing chaos for those who are hit. We’ll have to wait and see just how big the attack becomes.

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.