MOSCOW – A Russian computer security company said on Wednesday it has detected at least 200 cyberattacks launched by an encrypting virus identified as BadRabbit that infects computers and demands a ransom to recover them.
Cybersecurity firm Kaspersky Lab has compared the attacks by the ransomware known as “Bad Rabbit” to two large-scale attacks earlier in the year by WannaCry and ExPetr (aka Petya and NotPetya) malware.
According to Kaspersky, BadRabbit “is a ‘drive-by attack:’ Victims download a fake Adobe Flash installer from infected websites and manually launch the .exe file, thus infecting themselves.”
The attack was detected early on Oct. 24 under the BadRabbit name, a title shown on the darknet website linked to the ransom note.
The perpetrators of the attack are demanding 0.05 bitcoin (around $280) as a ransom payment.
A drive-by attack requires no action from the victim other than visiting the compromised website: the computer is infected automatically if it is vulnerable, often because its security patches have not been kept up to date, Kaspersky said.
“Several big Russian media outlets, with Interfax news agency and Fontanka.ru, are among the confirmed victims of the malware,” Kaspersky’s researchers said, adding that most of the malware’s victims were located in Russia, with some attacks in Ukraine, Turkey, and Germany.
The company said it was not yet known whether it was possible to recover files encrypted by Bad Rabbit, either by paying the ransom or by using some vulnerability in the ransomware code.
According to Kaspersky, those behind the malware are fans of the “Game Of Thrones” franchise, as some of the computer code used names from the series.
Kaspersky experts have strongly advised computer users to back up their data files and refuse to pay the ransom.