KIEV, Oct 31 (Reuters) - Hackers behind the NotPetya virus that hit Ukraine and spread around the world in June probably also designed malware called BadRabbit used in a more recent strike, a Ukrainian presidency official said on Tuesday.
The BadRabbit attack last week mainly affected Russia but also caused flight delays at Odessa airport in southern Ukraine and disrupted electronic payments in the Kiev metro.
“What we start observing is that there is a strong belief that the NotPetya and BadRabbit (is) being written by the same group, due to the type of the code and approaches,” Dmytro Shymkiv told the Reuters Cyber Security Summit in Kiev.
“BadRabbit and (Not)Petya, WannaCry, this is all from the same family, to test, to disrupt, to analyse how the cyber security community would react,” he added.
A former director at Microsoft in Ukraine, Shymkiv said more could have been done to mitigate BadRabbit if organizations had followed recommendations on how to deal with malware, including basics such as not clicking on suspicious messages.
Shymkiv’s assessment chimed with that of Russia-based cyber firm Group-IB, which said that BadRabbit shared an important piece of code with NotPetya.
However, experts caution that attributing cyber attacks is notoriously difficult, as hackers regularly use techniques to cover their tracks and sometimes deliberately mislead investigators about their identity.
Ukrainian officials have said the NotPetya attack directly targeted Ukraine and was carried out by a hacking group widely known as Black Energy, which some cyber experts say works in favour of Russian government interests. Moscow has repeatedly denied carrying out cyber attacks against Ukraine.
(Editing by Mark Heinrich)