Malware attack strikes Russia's main independent newswire

Register now

(Bloomberg) -- Russia’s main independent newswire, Interfax, continued to offer only limited service after its network was struck by a ransomware computer virus.

“We’ve fully restored news production, but not all channels of distribution,” Interfax director Yuri Pogorely said, after the company switched to reporting via the Telegram messenger service and Facebook when its online site was paralyzed on Tuesday. “Our flagship Spark database is fully operational and our public services are planned to be online by the end of the day,” he said in an interview.

At least three Russian media outlets, including online newspaper Fontanka, were attacked by the Badrabbit virus, according to Moscow-based cybersecurity firm Group-IB. The malware also struck unspecified top Russian banks but didn’t harm their operations, the company said. Ukrainian government organizations and strategic infrastructure, including Odessa’s airport, were also affected.

Badrabbit spread to almost 200 targets in Russia, Ukraine, Germany and Turkey, the Moscow-based Kaspersky Lab said in its security blog. It appears similar to the exPetr ransomware that struck businesses and government systems around the world in June, according to the company, which said it couldn’t confirm any link between the two attacks.

Blamed by the U.S. for hacking the 2016 presidential election campaign, Russia has itself been targeted by cybercriminals recently. Wireless carrier MegaFon PJSC and government entities suffered ransomware breaches in May, according to state television. In September, hackers used IP-telephony to issue fake bombs alerts, which led to hundreds of thousands of people being evacuated from malls, schools and other buildings.

The creators of the malware may be fans of Game of Thrones as some of the computer code contains the names of characters from the fantasy drama, Kaspersky wrote.

--With assistance from Ilya Arkhipov

Bloomberg News