New Cyberattacks Hit Ukraine, Russia; U.S. Issues Warning

Odesa has one of Ukraine's biggest airports (file photo)

A new wave of cyberattacks seeking to extract ransoms from computer users hit a major Ukrainian international airport as well as the Kyiv subway ticketing system, and three Russian media outlets.

While no major outages were reported in the United States, the U.S. government issued a warning to computer users on October 24 to guard against the attacks, which followed campaigns in May and June that used similar malware and were also concentrated in Russia and Ukraine.

The cyber firm ESET estimated that more than half the victims of the latest attacks, dubbed "BadRabbit," were in Russia, followed by Ukraine, Bulgaria, Turkey and Japan.

Ransomware is a type of computer virus that locks up infected computers and asks victims to pay a ransom to restore access.

Earlier on October 24, Ukraine's Computer Emergency Response Team (CERT) said the new wave of hacks was targeting the country, and called on transportation networks to be on high alert.

"We ask the owners of telecommunication systems, other information resources, transport infrastructure first of all, as well as ordinary Internet users, to comply with stricter cybersecurity requirements," CERT said in a statement.

Odesa's international airport said that its information system stopped functioning in the afternoon.

It said in a statement, "We report that the IT system of Odesa international airport has been hit by a hacker attack. All services of the airport are working in a reinforced security regime."

Its website showed air traffic going in and out of the Black Sea resort city according to schedule.

Also on October 24, the Kyiv subway wrote on Facebook that its computer system was attacked by hackers and informed clients that card payment for services was temporarily impossible.

Ukraine's Central Bank said the banking system was working normally.

Ukraine suspects Russia is behind regular attacks on its computer systems, but Moscow denies any involvement.

In Russia, the Interfax news agency -- one of the country's biggest -- also sent its last dispatch at 2:13 p.m. local time before falling silent.

Yevgeny Gukov, a Moscow-based cybersecurity expert from Moscow, said the Fontanka news site in Russia's second city of Saint Petersburg and a third media outlet "whose name, unfortunately, we cannot reveal at this time" had also gone off line.

"We cannot say what it is at the moment," said Gukov, who works for the Group-IB IT security firm.

Gukov said the malware appeared to be using an encryption scheme that prevented analysts from deciphering the malicious code.

Group-IB later issued a statement saying the cyberattack appeared to have its origins in Russia and had also hit corporate sites in Turkey and Germany.

"This ransomware infects devices through a number of hacked Russian media websites," Group-IB said.

"Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the [NotPetya] attack."

The "NotPetya" attack, which took place in July, was a modified version of the "Petya" ransomware that hit last year. "Petya" demanded money from victims in exchange for the return of their computer data.

With reporting by Reuters and AFP