It seems likely that the recent Bad Rabbit ransomware attack on Russia and Ukraine originates from the same source as the NotPetya infestation earlier this year. Since this article was originally published, there have also been some German and Turkish victims of the ransomware.
The actors behind both attacks go by a number of different aliases, including Sandworm, BlackEnergy and TeleBots – which was behind the Ukrainian power grid attacks in 2015 and 2016. They have been active for the last ten years.
Several security companies and researchers have identified similarities in the attackers’ modus operandi, including the use of rewritten code originally found in the Petya ransomware. While NotPetya principally targeted Ukraine, Bad Rabbit has hit more Russian victims – although its richest pickings were from Ukrainian government agencies and transport systems.