"The Bank of Russia registered a computer attack using malicious software such as BadRabbit ransomware… As a result of the distribution of malicious software BadRabbit, the facts of compromising the resources of financial organizations are not registered."
Russia's Kaspersky Lab cybersecurity company has registered nearly 200 attacks with ransomware called BadRabbit across the world, with most of the targets located in Russia. Similar but fewer attacks were registered in other countries – Ukraine, Turkey and Germany.
Later in the day, Russian cyberforensics company Group-IB, which prevents and investigates cybercrimes has recorded cyberattacks using the BadRabbit cryptographic virus on a number of Russian media outlets.
In particular, BadRabbit ransomware paralyzed the Russian news agency Interfax and St. Petersburg-based news website Fontanka.ru. In addition, the Kiev Metro and Odessa airport said their banking and communications systems were also targeted.
What is BadRabbit?
BadRabbit encrypts the contents of a computer and promises to release the data for 0.05 bitcoins (about $276).
The new ransomware is a modified version of the NotPetya virus. The BadRabbit connection with NotPetya is indicated by matches in the code.
Cyberattackers used the program Mimikatz, which intercepts the infected machine's logins and passwords. Also, the code includes registered logins and passwords for attempts to obtain administrative access.
This major ransomware attack comes is the third this year after the WannaCry that hit global IT infrastructure in May, infecting hundreds of thousands of computers worldwide through Windows OS and Petya, which hit the IT systems of organizations across the world in June.