Photographer: Andrey Rudakov/Bloomberg

Russian News Agency Interfax Faces ‘Unprecedented’ Hacker Attack

Updated on
  • Interfax, other media hit by badrabbit virus, Group-IB says
  • Russian banks also attacked, unaffected so far, company says

Russia’s central bank said it will investigate a computer virus attack that disrupted services on Interfax, the country’s main independent newswire that’s a major carrier of corporate market disclosures.

The bank will work on mechanisms to reduce the likelihood of service disruptions in public disclosure wires, the regulator said in a website statement on Wednesday. No resources of financial organizations were compromised in the attack by the badrabbit virus, it said.

“We’ve fully restored news production, but not all channels of distribution,” Interfax director Yuri Pogorely said, after the company switched to reporting via the Telegram messenger service and Facebook when its online site was paralyzed by the virus on Tuesday. Its Spark database of Russian, Ukrainian and Kazakh company data “is fully operational and our public services are planned to be online by the end of the day,” he said in an interview.

At least three Russian media outlets, including online newspaper Fontanka, were hit by the ransomware virus, according to Moscow-based cybersecurity firm Group-IB. The malware struck unspecified top Russian banks but didn’t harm their operations, the company said. Officials in Ukraine said a card-payment system on the metro in the capital, Kiev, was also affected, while the virus disrupted passenger registration at Odessa’s airport.

Badrabbit spread to almost 200 targets in Russia, Ukraine, Germany and Turkey, the Moscow-based Kaspersky Lab said in its security blog. It appears similar to the exPetr ransomware that struck businesses and government systems around the world in June, according to the company, which said it couldn’t confirm any link between the two attacks.

Blamed by the U.S. for hacking the 2016 presidential election campaign, Russia has itself been targeted by cybercriminals recently. Wireless carrier MegaFon PJSC and government entities suffered ransomware breaches in May, according to state television. In September, hackers used IP-telephony to issue fake bomb alerts, which led to hundreds of thousands of people being evacuated from malls, schools and other buildings.

The creators of the malware may be fans of Game of Thrones as some of the computer code contains the names of characters from the fantasy drama, Kaspersky wrote.

— With assistance by Ilya Arkhipov, and Torrey Clark

    Before it's here, it's on the Bloomberg Terminal.