BadRabbit: The Ghost of NotPetya Ransomware Strikes Europe
Just when you thought it was safe to put NotPetya (aka Petya) in the rear view, a new variation on the ransomware has returned to attack hundreds of computers in Russia and elsewhere.
The security community began tracking the new ransomware strain, called BadRabbit, as it infected computers in Russia, Ukraine, Turkey, Bulgaria, and Germany. While the new series of attacks is nowhere near the size of the NotPetya outbreak, it has hit several media outlets, and the Odessa airport and Kiev subway system. The result: paralyzed IT systems and disabled credit card payments.
Strong evidence has tied the new attack to the NotPetya developers, with analysts noting the new ransomware spreads using Microsoft’s Server Message Block protocol, much like NotPetya had. If both ransomware strains are from the same programmers, questions about as to their ultimate motivations.
Since it feels like there’s a new cybersecurity news alert every week, it can be easy to forget how badly NotPetya hurt some organizations. Merck offered a serious reminder, revealing in a recent earnings call that the attack had cost them more than $300 million in Q3 and likely as much in Q4.
Because of a production shutdown caused by the attack, the pharmaceutical company lost about $240 million in sales. It also hurt the workforce – because employees weren’t allowed to use their email systems during the period of the attack, more sales were lost on that end.
DRI’s Al Berman commented on the Petya/NotPetya ransomware attacks back in June – click here to read his take on how organizations should respond.
To learn more about DRI International’s IT/DR Planning course and how it can help your organizations increase its preparedness, click here.