Bad Rabbit Ransomware Outbreak Also Used NSA Exploit

Two days after the Bad Rabbit ransomware outbreak wreaked havoc in Russia and Ukraine, security researchers are still unearthing details regarding the malware’s modus operandi.

While initially it was believed that the ransomware spread from the initial victim to nearby computers using a custom scanning mechanism that relied on the SMB protocol, new research published today by Cisco Talos and F-Secure reveals the Bad Rabbit ransomware also used a modified version of an NSA exploit to bolster the spreading process.

This marks the third time this year that a global ransomware epidemic has used cyber-weapons developed by the NSA and leaked online by a group of hackers going by the name of The Shadow Brokers.

WannaCry was the first ransomware wave that used an NSA cyber-weapon, deploying the ETERNALBLUE exploit to move laterally inside infected networks back in May this year.

A month later, the NotPetya ransomware outbreak deployed the ETERNALBLUE and ETERNALROMANCE exploits for the same purpose.

— source bleepingcomputer.com 2017-10-29

See how dangerous this institution is becoming. Make it transparent or abolish it.
