The US Department of Homeland Security issued a warning about the ‘Bad Rabbit’ ransomware.
The new malware attack locks locks-up infected computers – stopping users from accessing their files until a ransom is paid.
In this case, ‘Bad Rabbit’ requests 0.05 bitcoins, or about £213 ($280).
It’s not yet known whether it is possible to get back the files encrypted by Bad Rabbit, either by paying the ransom or by using some glitch in the code.
The US Department of Homeland Security did not identify any American victims, but has advised the public to refrain from paying ransoms.
It has asked users to report any infections to the Federal Bureau of Investigation through the government’s Internet Crime Complaint Centre.
Similarly, the GCHQ National Cyber Security Centre has confirmed it is “monitoring” the spread of ‘Bad Rabbit’.
The malware has already contaminated systems in Russia, Ukraine, Bulgaria, Turkey and Japan.
However, it is not yet known exactly how far the ransomware has spread across the globe.
The malware attacks are disturbing because attackers quickly infected critical infrastructure, including transportation operators, indicating it was a “well-coordinated” campaign, said Robert Lipovsky, a researcher with cyber firm ESET.
Odessa Airport in Ukraine was forced to delay flights because workers had to process passenger data manually following the ‘Bad Rabbit’ infection.
Meanwhile, the metro system in Kiev reported a hack on its payment system but said trains were running normally.
Russian cyber-security firm Kaspersky Lab said BadRabbit appeared to spread through a mechanism similar to June’s destructive NotPetya virus, which took down many Ukrainian government agencies and businesses.
It then spread across corporate networks of multinationals with operations or suppliers in eastern Europe.
Kaspersky said it was investigating to see whether BadRabbit was related to NotPetya.
Ukrainian banking services, which have been hit by previous attacks, were unaffected, according to the nation’s central bank.
Earlier this year, the “WannaCry” ransomware triggered the closure of NHS hospitals, factories and other facilities around the globe for days.
F5 Networks Senior Systems Engineer Paul Dignan told Express.co.uk, “The Bad Rabbit infection is not captured by most common anti-virus solutions, which means users could be infected without knowing.
“Initial analysis indicates that the malware script identifies target users and presents them with a bogus Adobe Flash update prompt.
“When the user accepts this, malware is downloaded and the encryption attack takes place.
“In the absence of stringent controls and appropriate security solutions, businesses are left in the hands of their users.
“As with many aspects of information security, prevention is better than cure.
“Unfortunately, ransomware is difficult to totally prevent and there is no silver bullet for protecting against this type of attack.”
Anti-virus company Kaspersky has a number of tips for people to avoid becoming a victim of Bad Rabbit –
- Ensure Kaspersky System Watcher and Kaspersky Security Network are running on your system
- If you’re not a Kaspersky customer, manually block the execution of files c:\windows\infpub.dat and c:\Windows\cscc.dat.
- Disable WMI service (if it’s possible in your environment) to prevent the malware from spreading over your network.
- Back up your data – and don’t pay the ransom.