game of thrones dragon

‘Bad-rabbit’ ransomware sweeps across Russia and Ukraine with Game of Thrones references galore

Image credit: DT

A large number of computers in the Ukraine and Russia have been infected with a ransomware dubbed ‘Bad Rabbit’ that demands a payment of 0.05 bitcoin (£250) in order to decrypt users’ data.

As is typical for ransomware, the program encrypts user data on the affected computer, rendering it inaccessible until the fee is paid.

In a news post, Kaspersky Lab equated the malware to WannaCry and ExPetr, major attacks that took place earlier this year with the former having devastating effects on the UK’s NHS.

Unusually, ‘Bad Rabbit’ contains references to hit TV show Game of Thrones, including mentions of the character Gray Worm and the names of two of the dragons in the show.

“According to our findings, the attack doesn’t use exploits,” the news post reads. “It is a drive-by attack: victims download a fake Adobe Flash installer from infected websites and manually launch the .exe file, thus infecting themselves.

“Our researchers have detected a number of compromised websites, all news or media sites.”

Whether it’s possible to get back files encrypted by Bad Rabbit (either by paying the ransom or by using some glitch in the ransomware code) isn’t yet known, although experts from Kaspersky Lab antivirus experts are currently investigating the attack to see what can be done.

Although most of the affected users were in Russia, other attacks have been detected in Turkey and Germany.

Kaspersky urged those who had the virus on their system not to pay the ransom, sentiments echoed by the US government.

Meanwhile, the Bank of Russia said some Russian financial organisations suffered from the attack but were not ultimately compromised.

Kaspersky Lab has come under fire this year after the US government alleged that it was using its software to provide a backdoor for the Russian government to commit acts of espionage.

It recently launched a “transparency initiative” in an attempt to combat concerns that the Russian government is using the company’s software as a backdoor to conduct espionage operations. 

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles