Odessa Airport and Kiev Metro System

In October 2017, the Odessa Airport and the Kiev Metro subway in Ukraine were targeted by the Bad Rabbit ransomware through a method called a “drive-by.” In a drive-by attack, insecure websites are targeted: a user visits the website, clicks on a link, and is infected with malware. This form of malware is called a malware dropper.

In this cyber attack, users were instructed to install a version of Adobe Flash and were thereby deceived into installing the malware. Over 200 people were targeted and locked out of their systems. This caused several flights to be delayed, as employees had to stick to pen and paper for business purposes. A news station and a bank were also targets of the attack, although no information was compromised.

This ransomware was unique in its form because it asked victims to navigate to a Tor Hidden Service and pay a ransom of a fraction of a Bitcoin, which was roughly $275 at the time. A ticking clock was displayed as well, indicating how much time the victim had to make the payment. The ransom would also increase as time ran out.

Additionally, experts say Bad Rabbit has ties to a previous malware family, known as NotPetya. Researchers at Kaspersky Lab stated that the code for the malware had references to the popular TV show, Game of Thrones. 

Fortunately, the ransomware attack lasted only half a day and had minimal effect on company systems; the server from which the attack was hosted went down by the evening. There was no indication as to whether the companies paid any ransom. The airport and railway have hired an experienced IT team to help identify cyberattacks and monitor any future suspicious activity.