“Bad Rabbit” is a new file-encrypting ransomware which infected computers in European countries


Hackers compromised a handful of Russian news media outlets, such as media organization Interfax, along with other websites and businesses, including the Kiev Metro service. The Ukrainian Computer Emergency Response Team said Odessa Airport was also hit, and warned of “a possible start of a new wave of cyberattacks to Ukraine’s information resources,” while Ukraine’s finance and infrastructure departments were targeted.

Bad Rabbit screen on infected computer

Bad Rabbit ransomware first started infecting systems on Tuesday 24 October. The cyber-attack has hit organisations across Russia and Eastern Europe. Researchers at Avast say they’ve also detected the malware in South Korea.

The encryption uses DiskCryptor, which is legitimate open source software used for full drive encryption. Keys are generated using CryptGenRandom and then protected by a hardcoded RSA 2048 public key.

It spreads via a fake Flash update on compromised websites. Infected websites have JavaScript injected in their HTML body or in one of their .js files. Bad Rabbit doesn’t appear to infect targets indiscriminately; rather, researchers have suggested that it only infects selected targets. It’s still unknown who is distributing the ransomware or why. The creator of Bad Rabbit appears to be a fan of Game of Thrones: the code contains references to Viserion, Drogon, and Rhaegal, the dragons which feature in the television series.

Kaspersky Lab says users can block the execution of the files c:\windows\infpub.dat and C:\Windows\cscc.dat in order to prevent infection.
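One way to apply the Kaspersky Lab advice above on a single Windows machine, as an added example that is not part of the original article and is not Kaspersky's own tooling. It assumes an elevated PowerShell session; using an explicit deny ACL on empty placeholder files is this example's choice of mechanism.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-create the two files named in the article and deny
# execute/write/delete on them. The ACL mechanism is an assumption of this
# example, not a procedure published by Kaspersky Lab.

$paths = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'   # file names from the article

# Well-known SID for "Everyone"; avoids depending on the localized group name.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rights   = [System.Security.AccessControl.FileSystemRights]'ExecuteFile, Write, Delete'
$deny     = [System.Security.AccessControl.AccessControlType]::Deny

foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) {
        $existing = Get-Item -LiteralPath $path -Force
        if ($existing.Length -gt 0) {
            # A non-empty file was not created by this script. Treat it as a
            # possible infection indicator and leave it untouched for triage.
            Write-Warning "$path already exists ($($existing.Length) bytes); not modified."
            continue
        }
    }
    else {
        # Empty placeholder that occupies the file name.
        New-Item -ItemType File -Path $path | Out-Null
    }

    # Add an explicit deny entry. Deny entries are evaluated before the
    # allow entries inherited from C:\Windows, so the placeholder cannot be
    # executed, overwritten or deleted until the entry is removed.
    $acl  = Get-Acl -LiteralPath $path
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new($everyone, $rights, $deny)
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $path -AclObject $acl

    Write-Output "Placeholder locked: $path"
}
```

The deny entry does not cover permission changes, so an administrator can remove it later with `Set-Acl` or `icacls` when the placeholders are no longer wanted.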
