A cyber-attack hit a Ukrainian international airport and three Russian media outlets Tuesday before also being detected by IT experts in Germany and at least two other European states.
The malware called “BadRabbit” appeared to be the largest since “NotPetya” was launched from the same two countries before affecting the rest of the world in July.
US and Russian cyber-security experts said the computer virus had also reached Turkey and Bulgaria in addition to Germany and a few other countries – but that its size still appeared to be relatively small.
Ukraine’s Odessa International Airport said on Facebook that its “information system” stopped functioning in the afternoon.
“All airport services are working in a reinforced security regime,” the airport said.
Its website showed air traffic going in and out of the Black Sea resort city according to schedule.
Russia’s Interfax news agency – one of the country’s biggest – also sent its last dispatch at 2:13pm (11:13am GMT) before falling silent.
It had still not resumed service by 11:00pm and its Internet site remained inaccessible.
A Moscow cyber-security expert told AFP that the Fontanka news site in Russia’s second city of Saint Petersburg and a third media outlet “whose name, unfortunately, we cannot reveal at this time” had also gone offline.
Yevgeny Gukov of the Group-IB IT security firm said the malware appeared to be using an encryption scheme that prevented analysts from deciphering the malicious code.
Kaspersky Lab said the “ransomware infects devices through a number of hacked Russian media websites.”
“Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the (NotPetya) attack,” Kaspersky Lab said in a statement.
And the US-based ESET cyber-security group said it had also detected “a new variant of ransomware known also as Petya”.
Ukraine attack contained
The July “NotPetya” attack was a modified version of the “Petya” ransomware that hit last year and demanded money from victims in exchange for the return of their computer data.
But there appeared to be some initial confusion about the nature of the new cyber threat facing Europe.
ESET said the malware “uses the Mimikatz tool to extract credentials from the affected systems”.
But the Security Service of Ukraine (SBU) said its IT experts detected a phishing attack that attempted to obtain sensitive personal details such as passwords through emails.
The SBU said the culprits were using “emails with return addresses associated with the technical support service of Microsoft”.
The US software giant issued no immediate comment.
The SBU added that “the spread of the virus has stopped” in Ukraine.