GCHQ has issued a warning over the ‘Bad Rabbit’ ransomware attack that is sweeping through Europe leaving computers locked up across the continent.
Affected users are told their computer and data has been encrypted, and asked to fork over £210 in anonymous current Bitcoin in order to unlock it.
It has also been revealed that the virus code is littered with references to Game of Thrones – including the names of two dragons from the hit series.
The malware also tries a list of passwords including ‘love’, ‘sex’, ‘god’ and ‘secret’ while trying to spread – terms dubbed the ‘four most common’ by the 1995 movie Hackers.
Scroll down for video
Bad Rabbit has locked computers at several major Russian media networks, demanding that users hand over £210 in anonymous currency Bitcoin in order to get their data back
While there have not yet been any reports of Bad Rabbit spreading to the UK, the National Cyber Security Centre has issued a warning.
The organisation – a part of GCHQ – said: ‘We are aware of a cyber incident affecting a number of countries around the world.
‘The NCSC has not received any reports that the UK has been affected by this latest malware attack.
‘We are monitoring the situation and working with our partners to better understand the threat.’
Bad Rabbit is thought to pose as an Adobe Flash update to trick users into downloading it, before exploiting similar weaknesses as ExPetya to spread (pictured, Ukranian supermarket tills locked up by the virus)
Interfax, one of the largest news agencies in Russia, said some of its services were hit by an ‘unprecedented virus attack’.
A spokeswoman for Odessa airport said flights were delayed because workers had to process passenger data manually.
The metro system in Kiev also reported a hack on its payment system but said trains were running normally.
Bad Rabbit is believed to masquerade as a Windows Flash update in order to convince users to install the virus on their computers, The Register reports.
ExPetya badly affected networks in Ukraine when it spread this summer, coming weeks after the WannaCry virus locked up NHS computers
Once there it uses similar weaknesses exploited by ExPetya and WannaCry to spread through the network, shutting down machines as it goes.
Back in June Ukraine was crippled by the ExPetya virus, which affected government computers to the national power grid and ATM machines.
Even the radiation monitoring systems around Chernobyl were temporarily taken offline during the attack.
ExPetya, also known as NotPetya and GoldenEye, appeared just weeks after the WannaCry virus appeared, targeting health networks in the UK.
Computers in dozens of NHS hospitals were shut down during that attack, which subsequently spread to 150 countries around the world.
The virus worked by exploiting a weakness in the Windows XP operating system, which many large government networks were constructed around.
NotPetya, named because it was based on earlier code dubbed Petya, worked in a similar way – but was more potent because it locked users out of entire hard drives at once, rather than encrypting files one-by-one.
WannaCry: The previous cyber attack that crippled the world
What is ransomware?
Ransomware is a type of malicious software that criminals use to attack computer systems.
Hackers often demand the victim to pay ransom money to access their files or remove harmful programs.
The aggressive attacks dupe users into clicking on a fake link – whether it’s in an email or on a fake website, causing an infection to corrupt the computer.
In some instances, adverts for pornographic website will repeatedly appear on your screen, while in others, a pop-up will state that a piece of your data will be destroyed if you don’t pay.
In the case of the NHS attack, the ransomware used was called Wanna Decryptor or ‘WannaCry’ Virus.
What was the WannaCry virus?
The WannaCry virus targets Microsoft’s widely used Windows operating system.
The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.
It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.
When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.
It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.
How to protect yourself from ransomware
Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:
1. Use reputable antivirus software and a firewall
2. Back up your computer often
3. Set up a popup blocker
4. Be cautious about clicking links inside emails or on suspicious websites
5. If you do receive a ransom note, disconnect from the Internet
6. Alert authorities