Bad Rabbit ransomware: A new variant of Petya is spreading warn researchers
Bad Rabbit ransom note
Image: Kaspersky LabBad Rabbit, a ransomware infection thought to be a new variant of Petya, has apparently hit a number of organisations in Russia and Ukraine.
In a tweet, Russian cyber security firm Group-IB said that at least three media organisations in the country have been hit by encrypting malware.
At the same time Russian news agency Interfax said its systems have been affected by a 'hacker attack'.
"Interfax Group's servers have come under a hacker attack. The technical department is taking all measures to resume news services. We apologize for inconvenience." Interfax said in a statement.
Meanwhile, several Ukrainian organisations have posted about systems failing - payment systems on the Kiev Metro appear to have fallen victim, while in a statement on its Facebook page, Odesea International Airport says its information system has been hit by hackers.
"We inform that the information system of the International Airport "Odessa" suffered a hacker attack," reads a translation of the post.
Cybersecurity researchers at ESET are among those monitoring the attack and have identified the ransomware encrypting some computers to be Diskcoder.D, -- a new variant of ransomware known also as Petya, a particularly vicious form of file-encrypting malware which hit organisations around the globe in June.
ESET say the ransomware is being spread by a fake Flash update.
"ESET's telemetry has detected hundreds of occurrences of Diskcoder.D. Most of the detections are in Russia and Ukraine, however, also there are reports of computers in Turkey, Bulgaria and other countries are affected," it said.
Researchers at Kaspersky Lab say the cryptography behind this ransomware is called Bad Rabbit - victims are sent to a page with the same title on Tor in order to pay a ransom of 0.05 Bitcoins to get their files back.
More on this story as it develops
from Latest Topic for ZDNet in... http://ift.tt/2gz9xNj