Ransomware Targets Transit and Goverment Organizations in Ukraine, Russia

Ransomware Targets Transit and Goverment Organizations in Ukraine, Russia

A new ransomware called Bad Rabbit (variant of Petya) is spreading through Ukraine and Russia.

[UPDATE: Oct. 25, 2017 9:00 AM]

Bad Rabbit has continued to spread overnight in places like Russia, Ukraine and Poland. CrowdStrike has been following the ransomware closely and has provided Security Today with their expert insight on the wide spread cyberattack.

“CrowdStrike Intelligence has observed that a cyber attack leveraging ransomware-style malware called BadRabbit was targeting entities in Eastern Europe," VP of Intelligience Adam Meyers said. "Initial investigation of this activity suggests several parallels with the destructive NotPetya malware that targeted Ukrainian interests in June 2017, although verification of these overlaps is ongoing at this time.

"To date, CrowdStrike Intelligence has found that BadRabbit and NotPetya DLL (Dynamic Link Library) share 67% of the same code, giving us reason to believe the same actor is likely behind both attacks. Bad Rabbit is likely delivered via the website argumentiru[.]com which is a current affairs, news and celebrity gossip website focusing on Russian and near-abroad topics.

"CrowdStrike Intelligence can confirm that this website was hosting a malicious JavaScript inject as part of a Strategic Web Compromise (SWC) attack on 24 October 2017.”

Original story posted below.

A new wave of ransomware has hit several targets in Russia and Eastern Europe on Tuesday, according to media reports and several security companies.

The malware, named "Bad Rabbit," has hit three Russian media outlets, including the news agency Interfax, according to Russian security firm Group-IB. Once it infects a computer, Bad Rabbit displays a message in red letters on a black background, a similar scene to those who were impacted by the massive NotPetya breach.


The ransom message asks victims to log into a hidden service website to make a payment of 0.5 bitcoins, valued at $282. The site also displays a countdown of over 40 hours before the price of decryption goes up.

The airport of Odessa, in Ukraine was also hit by a damaging cyberattack on Tuesday, but at this point it is unclear if it was hit by Bad Rabbit.

The Ukrainian computer emergency agency CERT-UA posted an alert warning of a new wave of cyberattacks, but it did not clearly mention Bad Rabbit.

Kaspersky Lab said in a blog post that that "most" Bad Rabbit infections are in Russia. Some also in Ukraine, Turkey and Germany. The company called Bad Rabbit "a targeted attack against corporate networks."

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Motorola Solutions Named Official Safety Technology Supplier of the Ryder Cup through 2027

    Motorola Solutions has today been named the Official Safety Technology Supplier of the 2025 and 2027 Ryder Cup, professional golf’s renowned biennial team competition between the United States and Europe. Read Now

  • Evolving Cybersecurity Strategies

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.