The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Bad Rabbit Ransomware

Bad Rabbit Ransomware Uses Leaked 'EternalRomance' NSA Exploit to Spread

Bad Rabbit Ransomware Uses Leaked 'EternalRomance' NSA Exploit to Spread

October 27, 2017Mohit Kumar
A new widespread ransomware worm, known as " Bad Rabbit ," that hit over 200 major organisations, primarily in Russia and Ukraine this week leverages a stolen NSA exploit released by the Shadow Brokers this April to spread across victims' networks. Earlier it was reported that this week's crypto-ransomware outbreak did not use any National Security Agency-developed exploits, neither EternalRomance nor EternalBlue , but a recent report from Cisco's Talos Security Intelligence revealed that the Bad Rabbit ransomware did use EternalRomance exploit. NotPetya ransomware (also known as ExPetr and Nyetya) that infected tens of thousands of systems back in June also leveraged the EternalRomance exploit , along with another NSA's leaked Windows hacking exploit EternalBlue, which was used in the WannaCry ransomware outbreak. Bad Rabbit Uses EternalRomance SMB RCE Exploit Bad Rabbit does not use EternalBlue but does leverage EternalRomance RCE exploit to spread
Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe

Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe

October 24, 2017Mohit Kumar
A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few hours. Dubbed " Bad Rabbit ," is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock their systems. According to an initial analysis provided by the Kaspersky, the ransomware was distributed via drive-by download attacks, using fake Adobe Flash players installer to lure victims' in to install malware unwittingly. "No exploits were used, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. We’ve detected a number of compromised websites, all of which were news or media websites." Kaspersky Lab said . However, security researchers at ESET have detected Bad Rabbit malware as ' Win32/Diskcoder.D ' —
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.