The “BadRabbit” malware that struck on Tuesday appeared to be the largest since “NotPetya” was launched from the same two countries before affecting the rest of the world in July.
The ransomware infected devices through a number of hacked Russian media websites, with a message appearing demanding payment before the user’s files could be recovered, the Russian security firm Kaspersky Lab said.
“Most of the targets are located in Russia. Similar but fewer attacks have also been seen in other countries -– Ukraine, Turkey and Germany. Overall, there are almost 200 targets,” the company said.
Ukraine’s Odessa International Airport said its “information system” stopped functioning on Tuesday afternoon, but flights were later going in and out of the Black Sea resort according to schedule.
Russian media outlets were also affected, including the major news agency Interfax and the Saint Petersburg independent news site Fontanka.
“We have only managed to reestablish our work capabilities in part … unfortunately not all our news delivery systems are working. Our internet is still not working,” an Interfax executive said Wednesday.
Fontanka on Wednesday tied the attack to its series of investigative reports about Russia’s involvement in the Syrian conflict.
But Russian and Ukrainian authorities said the attacks were random rather than targeted.
“With all due respect to big media organisations, they are not critical infrastructure,” telecoms minister Nikolai Nikiforov said when asked about the attack on Russian media.
“This was not a targeted attack. Ukrainian entities were not the only ones to be effected,” the cybersecurity department of Ukraine’s police force said in a statement.
The US Computer Emergency Readiness Team, an organisation within the Department of Homeland Security, issued a note on “Bad Rabbit” discouraging users from paying the ransom, saying this “does not guarantee that access will be restored.”