Cybersecurity experts said the ransomware -- which posed as an Adobe update before locking down computers and demanding money for people to get their files back -- targeted Russian media companies and Ukrainian transportation systems. It has also been detected in other countries including the U.S., Germany and Japan. The U.S. Computer Emergency Readiness Team said late Tuesday it "has received multiple reports of ransomware infections ... in many countries around the world."
Dubbed "Bad Rabbit," the virus is the latest example of cybercriminals using ransomware to try to extort money from victims across the globe. Two major international attacks earlier this year -- NotPetya and Wannacry -- caused widespread disruption affecting businesses, government institutions and hospitals.
When Bad Rabbit infects a computer, it seizes files and demands a ransom. Experts and government agencies advise victims not to pay up, warning that there's no guarantee they will get their files back.
On Tuesday, the virus attacked Russian media groups Interfax and Fontanka, and transportation targets in Ukraine including Odessa's airport, Kiev's subway and the country's Ministry of Infrastructure of Ukraine, according to Russian cybersecurity firm Group-IB. Interfax confirmed its servers had gone down due to a cyberattack. Most of the victims were located in Russia, but attacks were also observed in Ukraine, Turkey, and Germany. Cybersecurity firm ESET also identified cases of Bad Rabbit in Japan and Bulgaria. Another company, Avast, says the ransomware has been detected in the U.S., South Korea and Poland.
The Bad Rabbit ransomware infiltrated computers by posing as an Adobe Flash installer on compromised news and media websites. It serves as a reminder that people should never download apps or software from pop-up advertisements or websites that don't belong to the software company.
ESET says once the ransomware infected a machine, it scanned the network for shared folders with common names and attempted to steal and exploit user credentials to get on other computers.
No comments:
Post a Comment