The cryptoware BadRabbit attempted to attack some of top 20 Russian banks, Ilia Sachkov, CEO of Group-IB, the company dealing with prevention and investigation of cybercrimes, told RIA News.
“Group-IB recorded an attempted virus infecting of the infrastructures of some Russian banks, which use the intervention detection systems. These files were sent there on Tuesday, from 01:00 to 03:00 pm. That is this virus also attempted to spread over these banks”, he said.
The new cryptoware is a modified version of NotPetya virus, which affected IT systems of the organizations in several countries in June. The code matchings point at the connection between BadRabbit and NotPetya.
Mimikaz software, which intercepts the logins and passwords on the infected machine, is used in the attack. The code also has already written logins and passwords for attempts to obtain an administrative access.
Kaspersky Lab told that the virus mostly affected Russian users, less – companies in Germany, Turkey and Ukraine. The spreading happened through infected mass media.
On Tuesday, Kyiv metropolitan and Odessa airport reported hacker attacks on their banking and information systems. Interfax and Fontanka.ru also reported that they were subjected to cyberattacks from the cryptoware, named BadRabbit by experts. The perpetrators demand ransom of 0.05 bitcoins for decrypting files (283 dollars as per the current exchange rate).