According to various cybersecurity firms, the growing virus is dubbed “BadRabbit” and is a form of ransomware that bolts down machines and requires bitcoin from administrators.
Screenshots of the infections posted to social media revealed BadRabbit asking for 0.05BTC for decryption, which is similar to £215 ($280).
Reports show that the Kiev Metro, Odessa naval port, and Odessa airport were all infected. Two Russian news terminals, Interfax and Fontanka, also had outages.
On 24 October 2017, Interfax tweeted: “Due to hacker attack Interfax servers broke. The technical services shall take all actions to restore the work systems.
“While core support Interfax remain inaccessible due to the attacks, we announce news on our Facebook.”
Eset, a Slovakian cybersecurity company, said that original analysis suggested the malware was “Diskcoder.D” – otherwise understood as “Petya”. The same variant was responsible for a major cyber attack in June ahead this year which ultimately spread across the globe.
The security firm found that epidemics were rising.
“ESET’s telemetry has identified hundreds of occurrences of Diskcoder.D,” it reported, adding: “Most of the discoveries are in Russia and Ukraine, however, also there are addresses of computers in Turkey, Bulgaria, and other nations are affected.
“ESET security researchers are operating on a comprehensive analysis of the Diskcoder.D malware.
“According to their prefatory findings, Diskcoder.D uses the Mimikatz tool to extract credentials from the modified systems. Apart from this, it has also a hardcoded list of credentials.”
In a separate blog post, Moscow-based cyber security firm Kaspersky Lab said that the bulk of victims were located in Russia, but stressed that its probe was ongoing.
It elaborated: “We have also seen related but fewer attacks in Ukraine, Turkey, and Germany. This ransomware has affected devices through a number of hacked Russian media websites.
“Based on our research, this is a targeted attack against corporate networks, using systems similar to those used in the Petya attack. However, we cannot prove it is related to ExPetr. We continue our investigation.” The firm urged victims not to pay the payment.