A new ransomware tapped an NSA exploit to wreak some of its havoc
New week, new ransomware.
A new form of ransomware surfaced in Russia, Ukraine and elsewhere this week. Known as Bad Rabbit, it's employed a leaked NSA exploit to do some of its damage.
Ransomware works by freezing up a computer in an attempt to force the user to pay a fee if they want their machine to be normal again.
The trick for hackers, of course, is how to get the malicious agent onto machines in the first place.
Bad Rabbit does this in a few steps. Here's how the cybersecurity firm Symantec described it in a post analyzing the ransomware:
"The initial infection method is through drive-by downloads on compromised websites. The malware is disguised as a fake update to Adobe Flash Player. The download originates from a domain named 1dnscontrol[dot]com, although visitors may have been redirected there from another compromised website."
After the malware's been installed, according to cybersecurity firm Cisco Talos, "there is an SMB component used for lateral movement and further infection."
SMB refers to Server Message Block, which is a means by which networked Windows machines share information. Bad Rabbit attacks SMB in several ways, according to Symantec, looking to spread to other vulnerable Windows machines in the same network as the computer on which it was first installed. One of the ways is through an SMB exploit known as EternalRomance, according to Talos and Symantec.
This takes us back to April, when a group of hackers known as the Shadow Brokers dumped a trove of NSA exploits on the internet for anyone with the required knowledge to use. Those exploits pertained to computers running Windows, putting millions of Windows users at risk of ransomware broadsides. Microsoft had actually released patches addressing this and other exploits in March, but folks have to update their computers in order for those patches to take effect, and people looking to use this ransomware surely know that many folks simply never hit update (if you're running Windows and reading this, make sure to patch up your system if you haven't already).
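The two stages described above, the fake Flash download and the SMB spread, each leave a trace that a defender can look for in ordinary logs. The following Python script is an added illustration written for this page, not code from Symantec, Talos or the article itself. It runs two simple checks over constructed sample data: a proxy-log check that flags requests to the delivery domain the article names (1dnscontrol[dot]com) or executables named like a Flash update, and a connection-log check that flags a single host opening SMB (port 445) connections to many distinct internal hosts, which is the fan-out pattern lateral movement produces. The log formats, IP addresses and file names are all invented for the example; the only real value is the domain quoted in the article.

```python
"""Added defensive example (not from the article): two checks over
constructed log data matching the two Bad Rabbit stages described in the text:
(1) a drive-by download posing as a Flash update from the named domain,
(2) SMB (port 445) fan-out from one host to many internal hosts.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Domain quoted in the article (written defanged there as 1dnscontrol[dot]com).
KNOWN_BAD_DOMAINS = {"1dnscontrol.com"}

# Constructed proxy log lines: "<client_ip> <method> <url>". File names are invented.
PROXY_LOG = """\
10.0.0.12 GET http://1dnscontrol.com/flash_update.exe
10.0.0.13 GET http://intranet.example/index.html
10.0.0.14 GET http://cdn.example/adobe_flash_player_update.exe
10.0.0.12 GET http://intranet.example/logo.png
""".splitlines()

# Constructed connection records: (src_ip, dst_ip, dst_port).
CONN_LOG = [
    ("10.0.0.12", "10.0.0.21", 445),
    ("10.0.0.12", "10.0.0.22", 445),
    ("10.0.0.12", "10.0.0.23", 445),
    ("10.0.0.12", "10.0.0.24", 445),
    ("10.0.0.12", "10.0.0.22", 445),  # repeat destination, counted once
    ("10.0.0.13", "10.0.0.50", 445),  # one file-server connection: normal
    ("10.0.0.14", "10.0.0.60", 80),   # not SMB, ignored
]

PROXY_RE = re.compile(r"^(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)$")
FLASH_HINT = re.compile(r"flash", re.IGNORECASE)


def defang(domain: str) -> str:
    """Turn a dotted domain into the [dot] form used in the article."""
    return domain.replace(".", "[dot]")


def find_fake_flash_downloads(lines, bad_domains=KNOWN_BAD_DOMAINS):
    """Return (client, url, reason) for each request that either hits a known
    delivery domain or fetches an executable whose name suggests a Flash update."""
    hits = []
    for line in lines:
        m = PROXY_RE.match(line)
        if not m:
            continue  # skip lines that do not match the constructed format
        url = m.group("url")
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        path = parsed.path.lower()
        if host in bad_domains:
            hits.append((m.group("client"), url, "known delivery domain " + defang(host)))
        elif FLASH_HINT.search(path) and path.endswith(".exe"):
            hits.append((m.group("client"), url, "executable named like a Flash update"))
    return hits


def find_smb_fanout(conns, threshold=3):
    """Return {src: n_distinct_dst} for sources that opened SMB (445) connections
    to at least `threshold` distinct hosts. One workstation talking to a file
    server is normal; one host reaching the whole subnet on 445 is not."""
    targets = defaultdict(set)
    for src, dst, port in conns:
        if port == 445:
            targets[src].add(dst)
    return {src: len(d) for src, d in targets.items() if len(d) >= threshold}


if __name__ == "__main__":
    for client, url, why in find_fake_flash_downloads(PROXY_LOG):
        print(f"[download] {client} -> {url}: {why}")
    for src, n in find_smb_fanout(CONN_LOG).items():
        print(f"[smb fan-out] {src} reached {n} distinct hosts on 445")
```

Run on the constructed data, the first check flags two clients (one for the domain, one for the file name) and the second flags only 10.0.0.12, which reached four distinct hosts on port 445. The threshold is a tuning knob: set it from a baseline of how many SMB peers a normal workstation on the network actually contacts.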
"The distribution of BadRabbit was massive," a threat intelligence expert at the cybersecurity firm Group-IB wrote on the company's website, though he noted that the distribution resulted in "much fewer victims" than another recent ransomware attack. The "primary" victims of the attack included "several Ukrainian strategic enterprises" including Odessa International Airport and the metro in Kiev, as well as "federal mass media" in Russia.
Wrapping up its Bad Rabbit analysis, Talos concluded that the world can expect more fast-spreading attacks that strike quickly and are designed "to inflict maximum damage."
"Ransomware is the threat of choice for both its monetary gain as well as destructive nature," they wrote. "As long as there is money to be made or destruction to be had these threats are going to continue."