The ransomware that tried to attack Russian banks and hit computers at a number of Ukrainian organizations and Russian media outlets is called BadRabbit. Experts at Group-IB, who analyzed it, noted that the new "extortionist" is nothing but an improved version of the good old Petya that raged last spring. Cyber security specialists were able to trace the domain name from which the virus began to spread. There is a possibility that the attackers can be tracked down.
"The investigation showed that the distribution of malicious software was conducted from the resource 1dnscontrol.com. The domain name 1dnscontrol.com has an IP of 5.61.37.209," reads the message circulated by Group-IB.
Group-IB employees explain that BadRabbit is an improved and modified version of the NotPetya virus, in whose code the encryption algorithms have been corrected and a number of innovations added. Nevertheless, the new virus contains pieces of code that completely match those found earlier in NotPetya.
Ilya Sachkov, General Director of Group-IB, told Sputnik radio that the available clue will help to find the intruders, but he does not rule out that such attacks may be repeated in the future. The toolkit for creating similar viruses is freely available, which means that virtually anyone can improve it and put it to use.
Once it has penetrated a computer, the ransomware encrypts all the data on the hard disk, blocks the user's access to the PC and begins to extort a fee of 0.05 bitcoins for unlocking it (about $300 at the current rate).
"There is a great chance to understand where the physical arms and legs of this attack come from. You can determine who made the attack. The domain name was registered back in 2016, someone pays for it, and several more malicious domains are associated with it. The people who created them have operated since 2011. That is, in our opinion, a fairly understandable criminal group. It is not a fact that it was connected with this attack, but it was engaged in, among other things, spam and phishing. Unlike previous attacks, we already have a certain human trace and logic, which will allow law enforcement agencies to conduct operative-search activities and detain those who did it," RIA Novosti quotes Ilya Sachkov as saying.
Among the first victims of the new encrypting virus were the Kiev Metro, Odessa airport and a number of Russian media outlets, including Interfax and Fontanka.
The article is based on materials