Summit News

Ukraine says NotPetya hackers likely behind BadRabbit malware

KIEV (Reuters) - Hackers behind the NotPetya virus that hit Ukraine and spread around the world in June probably also designed malware called BadRabbit used in a more recent strike, a Ukrainian presidency official said on Tuesday.

Dmytro Shymkiv, Deputy Head of the Ukrainian Presidential Administration, speaks during an interview in Kiev, Ukraine October 31, 2017. REUTERS/Valentyn Ogirenko

Reuters Cyber Summit

Top executives and government officials from around the world are convening in Toronto, Washington, Moscow and Tel Aviv from October 23 to November 2 for the Reuters Cyber Security Summit.

The BadRabbit attack last week mainly affected Russia but also caused flight delays at Odessa airport in southern Ukraine and disrupted electronic payments in the Kiev metro.

“What we start observing is that there is a strong belief that the NotPetya and BadRabbit (is) being written by the same group, due to the type of the code and approaches,” Dmytro Shymkiv told the Reuters Cyber Security Summit in Kiev.

“BadRabbit and (Not)Petya, WannaCry, this is all from the same family, to test, to disrupt, to analyse how the cyber security community would react,” he added.

A former director at Microsoft in Ukraine, Shymkiv said more could have been done to mitigate BadRabbit if organisations had followed recommendations on how to deal with malware, including basics such as not clicking on suspicious messages.

Shymkiv’s assessment chimed with that of Russia-based cyber firm Group-IB, who said that BadRabbit shared an important piece of code with NotPetya.


However, experts caution that attributing cyber attacks is notoriously difficult, as hackers regularly use techniques to cover their tracks and sometimes deliberately mislead investigators about their identity.

Ukrainian officials have said the NotPetya attack directly targeted Ukraine and was carried out by a hacking group widely known as Black Energy, which some cyber experts say works in favour of Russian government interests. Moscow has repeatedly denied carrying out cyber attacks against Ukraine.

Shymkiv said it was difficult to definitively identify who was behind the BadRabbit attack, speculating, for example, that the creators of NotPetya could have sold the BadRabbit virus to another group of hackers.

Ukraine has been a frequent victim of cyber attacks that have conked out power to thousands of homes, frozen supermarket tills and paralysed government computers. Shymkiv and others see Ukraine as a testing ground for Russian attacks.

He said he was sure more attacks are on the way and, when asked what new threats had emerged recently, cited an incident in the summer when ships in the Black Sea had their Global Positioning System (GPS) hacked.

“It’s been a concern (within) the government, it’s been a concern among the cyber community,” he said.

Shymkiv said recent cyber attacks had forced Ukraine to become more savvy in dealing with threats and it had also increased coordination particularly with the United States.

For example, U.S. government officials this year have been training Ukrainian energy ministry officials on how to combat hacking, Shymkiv said. Coordination is “ramping up. There is a lot of appetite to learn from each other,” he said.


Editing by Mark Heinrich