A new ransomware tapped an NSA exploit to wreak some of its havoc
New week, new ransomware.
A new form of ransomware surfaced in Russia, Ukraine and elsewhere this week. Known as Bad Rabbit, it's employed a leaked NSA exploit to do some of its damage.
Ransomware works by freezing up a computer in an attempt to force the user to pay a fee if they want their machine to be normal again.
The trick for hackers, of course, is how to get the malicious agent onto machines in the first place.
Bad Rabbit does this in a few steps. Here's how the cybersecurity firm Symantec described it in a post analyzing the ransomware:
"The initial infection method is through drive-by downloads on compromised websites. The malware is disguised as a fake update to Adobe Flash Player. The download originates from a domain named 1dnscontrol[dot]com, although visitors may have been redirected there from another compromised website."
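The indicator in Symantec's description can be turned into a log search. This is an added example, not code from Symantec, Talos or the original article: it refangs the published domain and scans proxy log lines for clients that requested it, and for the referring sites that sent them there. The log format, client addresses, URL paths and `.example` sites are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicator exactly as published in the Symantec quote (defanged).
DEFANGED_IOC = "1dnscontrol[dot]com"

# Constructed sample proxy log (assumed format): timestamp client method url referer
SAMPLE_LOG = """\
2017-10-24T10:01:12Z 10.0.0.21 GET http://news.example/article.html -
2017-10-24T10:01:13Z 10.0.0.21 GET http://1dnscontrol.com/download http://news.example/article.html
2017-10-24T10:02:40Z 10.0.0.35 GET http://cdn.1dnscontrol.com/index http://blog.example/post
2017-10-24T10:03:05Z 10.0.0.40 GET http://not1dnscontrol.com/ -
2017-10-24T10:03:09Z 10.0.0.41 GET http://1dnscontrol.com.example.org/ -
"""

def refang(indicator):
    """Turn 'a[dot]com' or 'hxxp://a[.]com/x' back into a plain hostname."""
    s = indicator.strip().lower()
    s = re.sub(r"\[(?:dot|\.)\]|\(dot\)", ".", s)
    s = re.sub(r"^hxxp", "http", s)
    return urlsplit(s).hostname if "://" in s else s

def host_matches(host, ioc_host):
    """True for the IoC domain or any subdomain, not for look-alike strings."""
    host = (host or "").rstrip(".").lower()
    return host == ioc_host or host.endswith("." + ioc_host)

def find_hits(log_text, defanged_ioc=DEFANGED_IOC):
    """Return (client, url, referring_host) for each request to the IoC domain."""
    ioc_host = refang(defanged_ioc)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than guessing at fields
        _ts, client, _method, url, referer = fields
        if host_matches(urlsplit(url).hostname, ioc_host):
            ref_host = urlsplit(referer).hostname if referer != "-" else None
            hits.append((client, url, ref_host))
    return hits

def summarize(hits):
    """Clients to triage, and referring sites that may themselves be compromised."""
    clients = sorted({c for c, _, _ in hits})
    referrers = sorted({r for _, _, r in hits if r})
    return clients, referrers
```

Matching on the parsed hostname rather than a substring keeps look-alike names out of the results, and the referrer list points at the sites that redirected visitors.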
After the malware's been installed, according to cybersecurity firm Cisco Talos, "there is an SMB component used for lateral movement and further infection."
SMB refers to Server Message Block, which is a means by which networked Windows machines share information. Bad Rabbit attacks SMB in several ways, according to Symantec, looking to spread to other vulnerable Windows machines in the same network as the computer on which it was first installed. One of the ways is through an SMB exploit known as EternalRomance, according to Talos and Symantec.
This takes us back to April, when a group of hackers known as the Shadow Brokers dumped a trove of NSA exploits on the internet for anyone to use, assuming they have the knowledge required. Those exploits pertained to computers running Windows, putting millions of Windows users at risk of ransomware broadsides. Microsoft had actually released patches to ameliorate this and other exploits in March, but folks have to update their computers in order for those patches to take effect, and people looking to use this ransomware surely know that many folks simply never hit update. (If you're running Windows and reading this, make sure to patch up your system if you haven't already.)
"The distribution of BadRabbit was massive," a threat intelligence expert at the cybersecurity firm Group-IB wrote on the company's website, though he noted that the distribution resulted in "much fewer victims" than another recent ransomware attack. The "primary" victims of the attack included "several Ukrainian strategic enterprises" including Odessa International Airport and the metro in Kiev, as well as "federal mass media" in Russia.
Wrapping up its Bad Rabbit analysis, Talos concluded that the world can expect more fast-spreading attacks that strike quickly and are designed "to inflict maximum damage."
"Ransomware is the threat of choice for both its monetary gain as well as destructive nature," they wrote. "As long as there is money to be made or destruction to be had these threats are going to continue."