A new ransomware tapped an NSA exploit to wreak some of its havoc
New week, new ransomware.
A new form of ransomware surfaced in Russia, Ukraine and elsewhere this week. Known as Bad Rabbit, it's employed a leaked NSA exploit to do some of its damage.
Ransomware works by locking up a computer in an attempt to force the user to pay a fee if they want their machine to work normally again.
The trick for hackers, of course, is how to get the malicious agent onto machines in the first place.
Bad Rabbit does this in a few steps. Here's how the cybersecurity firm Symantec described it in a post analyzing the ransomware:
"The initial infection method is through drive-by downloads on compromised websites. The malware is disguised as a fake update to Adobe Flash Player. The download originates from a domain named 1dnscontrol[dot]com, although visitors may have been redirected there from another compromised website."
After the malware's been installed, according to cybersecurity firm Cisco Talos, "there is an SMB component used for lateral movement and further infection."
SMB refers to Server Message Block, which is a means by which networked Windows machines share information. Bad Rabbit attacks SMB in several ways, according to Symantec, looking to spread to other vulnerable Windows machines in the same network as the computer on which it was first installed. One of the ways is through an SMB exploit known as EternalRomance, according to Talos and Symantec.
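A defender-side check that follows from the infection chain described above, as an added example that is not from the article or the vendors it cites: it scans constructed web-proxy log lines for the fake Flash Player update download, flagging the distribution domain the article names and any Flash-named executable served from a host outside Adobe's domain (the log format and the trusted-host list are assumptions).

```python
import re
from dataclasses import dataclass

# Constructed sample web-proxy log lines (not real traffic):
# timestamp client method url status content-type
SAMPLE_LOG = """\
2017-10-24T10:01:03Z 10.0.0.12 GET http://1dnscontrol.com/install_flash_player.exe 200 application/x-msdownload
2017-10-24T10:01:09Z 10.0.0.12 GET https://fpdownload.adobe.com/get/flashplayer/pdc/27.0.0.170/install_flash_player.exe 200 application/x-msdownload
2017-10-24T10:02:44Z 10.0.0.31 GET http://news.example.org/index.html 200 text/html
2017-10-24T10:03:10Z 10.0.0.31 GET http://cdn.example.net/update/flash_player_update.exe 200 application/octet-stream
"""

# Distribution domain named in the article (written 1dnscontrol[dot]com there).
KNOWN_BAD_HOSTS = {"1dnscontrol.com"}
# Assumed list of domains Flash is legitimately served from; extend for your environment.
TRUSTED_FLASH_HOSTS = ("adobe.com",)
# Filenames that imitate a Flash Player installer or update.
FLASH_NAME = re.compile(r"flash[_-]?player[^/]*\.(exe|msi)$", re.IGNORECASE)
EXEC_TYPES = {"application/x-msdownload", "application/octet-stream"}
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")

@dataclass
class Alert:
    client: str
    url: str
    reason: str

def host_of(url: str) -> str:
    """Return the lowercased host part of a URL ('' if unparseable)."""
    m = re.match(r"^[a-z]+://([^/:]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""

def is_trusted(host: str) -> bool:
    """True when host is a trusted domain or a subdomain of one (no substring matches)."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_FLASH_HOSTS)

def scan(log_text: str) -> list:
    """Flag known distribution hosts and Flash-named executables from untrusted hosts."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the scan
        _, client, _, url, _, ctype = m.groups()
        host = host_of(url)
        if host in KNOWN_BAD_HOSTS:
            alerts.append(Alert(client, url, "known Bad Rabbit distribution domain"))
        elif FLASH_NAME.search(url) and ctype in EXEC_TYPES and not is_trusted(host):
            alerts.append(Alert(client, url, "Flash-named executable from untrusted host"))
    return alerts
```

Running `scan(SAMPLE_LOG)` flags the first and fourth constructed lines; the genuine Adobe download and the plain HTML page produce no alert.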
This takes us back to April, when a group of hackers known as the Shadow Brokers dumped a trove of NSA exploits on the internet for anyone with the required knowledge to use. Those exploits targeted computers running Windows, putting millions of Windows users at risk of ransomware broadsides. Microsoft had actually released patches for this and other exploits in March, but users have to update their computers for those patches to take effect, and the people behind this ransomware surely know that many folks simply never hit update (if you're running Windows and reading this, make sure to patch your system if you haven't already).
"The distribution of BadRabbit was massive," a threat intelligence expert at the cybersecurity firm Group-IB wrote on the company's website, though he noted that the distribution resulted in "much fewer victims" than another recent ransomware attack. The "primary" victims of the attack included "several Ukrainian strategic enterprises," including Odessa International Airport and the metro in Kiev, as well as "federal mass media" in Russia.
Wrapping up its Bad Rabbit analysis, Talos concluded that the world can expect more fast-spreading attacks that strike quickly and are designed "to inflict maximum damage."
"Ransomware is the threat of choice for both its monetary gain as well as destructive nature," they wrote. "As long as there is money to be made or destruction to be had these threats are going to continue."