WinCert

Eastern Europe under new “BadRabbit” cyber-attack

After Petya, the ransomware cyber-attack that happened earlier this year, Russia, Ukraine and other Eastern European countries have come under another attack, most likely from the same source. This one is called BadRabbit and has targeted many corporate networks, the Kiev metro computer systems, Odessa International Airport and many other computer systems vital to society.

Cybersecurity researchers say it is obvious that this attack has been planned for quite some time, probably since the first cyber-attack, which happened earlier this summer, because the two have so much in common.

For example, both used the Windows Management Instrumentation Command-line (WMIC), a scripting interface for managing devices and applications in a network, to spread more efficiently, along with Mimikatz, a tool for harvesting passwords and other data from computers. BadRabbit has now been popping up in various systems, displaying a ransom message.

It is very easy for an inexperienced user to catch this virus, since it has been spreading through drive-by downloads. To put it simply, JavaScript is injected into the HTML body of a website or into a .js file.

With a message saying that Flash Player needs to be updated, the virus installs itself together with the downloaded update. It is, however, possible that this is only one of the methods used to spread the virus.

As in other similar attacks, the ransom amount increases as time goes by. It is still unclear who is behind these attacks.

There is undeniable evidence that links these cyber terrorists with Russia, but it is not yet certain. What matters most is preventing this new virus from causing more harm than it already has, as happened with the virus released earlier in the summer, which took down many government agencies and businesses.
