Russia, Ukraine, Germany, Turkey, Japan, and Bulgaria report outbreaks of "BadRabbit," a malware strain that's acting like ransomware (or pseudoransomware). Group-IB thinks BadRabbit, which hit yesterday, looks like a Petya offspring. The largest single disruption so far appears to be in Ukraine, where Odessa's airport has had to curtail operations and increase security. Russian news agencies Interfax and Fontanka were also hit yesterday morning, as (reportedly) were two other media outlets as yet unnamed.
BadRabbit's victim landing page is demanding approximately $283 to recover files, but the situation is still developing and it remains to be seen whether this is a genuine extortion play, pseudoransomware aimed at disruption, or some mix of both. US-CERT advises against paying the ransom. If the perceived similarity to Petya and NotPetya holds, BadRabbit can be expected to continue its rapid spread. Attribution at this stage is mere speculation.
The North Korean threat actor Lazarus Group is reported to have taken control of a number of servers in India. The servers aren't the ultimate target. Rather, they constitute a platform from which other cyberattacks can be launched.
DUHK (Don't Use Hard-coded Keys, acronym pronounced "duck") attacks against devices using the ANSI X9.31 random number generator are being reported.
Kaspersky Lab maintains its innocence of spying. The company says the NSA contractor (or employee—accounts now differ) mentioned as the source of sensitive leaked files backdoored his own machine by downloading and installing malicious pirated software.
In industry news, SecureBox announces a $150 million funding round.