Eastern Europe Faces New Ransomware Assault

"Malware called BadRabbit is bouncing between networks in Russia, Ukraine, Turkey, and Bulgaria, demanding Bitcoin payment in exchange for decryption of files."

A new ransomware strain called BadRabbit struck eastern Europe on Tuesday, with targets including the Odessa airport in Ukraine and a few Russian media outlets.

In each case, users are presented with a black-and-red screen of text demanding a payment of 0.05 bitcoin (about $280, for now) in order for their files to be decrypted. A timer claims that the ransom will increase after 40 hours.

The virus appears to spread via a fake Adobe Flash Player installer and makes use of "a Windows flaw known as EternalBlue that was identified by and leaked from the NSA and has now been used in several malware attacks."

Once on a computer, according to a staff member of the security firm McAfee, BadRabbit can encrypt many common file types, including Microsoft Office documents and image files.

According to Reuters, the majority of victims were in Russia, with others in Ukraine, Bulgaria, Turkey and Japan. While there have been no identified attacks in the U.S., the Department of Homeland Security released a warning:

It did not identify any U.S. victims but advised the public to refrain from paying ransoms and report any infections to the Federal Bureau of Investigation through the government’s Internet Crime Complaint Center.