“Our observations show that the majority of the attack’s victims are located in Russia. We’re also registering similar attacks in Ukraine, Turkey and Germany, but on a considerably smaller scale. The malware spreads through a number of compromised websites of Russian media outlets,” the company said in its blog.

The new virus appears to be dubbed ‘BadRabbit,’ according to a dark net page where the details on ransom for the encrypted files were posted. The initial ransom is 0.05 Bitcoin ($300), but the virus features a timer and promises to raise the price if the ransom is not paid in time.

The attacks were reported by the Interfax news agency and Fontanka.ru news outlet, as well as by the subway system in the Ukrainian capital, Kiev, and the airport of Odessa. The new cryptoware appears to be deliberately targeting corporate networks, according to Kaspersky Lab.

READ MORE: N. Korea stole cyber tools from NSA, carried out WannaCry ransomware attack – Microsoft chief

“Algorithms similar to the ExPetr attack are being used, but we cannot confirm links to ExPetr. We’re still studying the situation,” Kaspersky Lab stated, referring to a major cryptoware attack which hit a number of companies in Russia and Ukraine back in June.

Kaspersky Lab advised those who do not use anti-virus products to restrict execution of certain files (C:Windowsinfpub.dat, C:Windowscscc.dat) and shut down the Windows Management Instrumentation (WMI) service.