Bad Rabbit allegedly used leaked NSA hacking tools

Listen
Text
  • Small
  • Medium
  • Large

Bad Rabbit, the ransomware that is spreading across Russia and Eastern Europe this week, allegedly used a leaked hacking tool built by the National Security Agency, according to The Hill.

It was previously thought that the strain was linked to the Petya/NotPetya and WannaCry outbreaks; however, new evidence suggests otherwise. 

Researchers at Cisco found that Bad Rabbit exploited a tool called EternalRomance, which took advantage of a now-patched security flaw in Windows that was leaked by hacking group ShadowBrokers, The Hill reports.

This tool was not the same NSA exploit used in the NotPetya and WannaCry attacks. Coding similarities suggested Bad Rabbit may have been a variant of NotPetya, which exploited EternalBlue, a separate NSA tool also leaked by ShadowBrokers, to propagate through networks.

Both EternalBlue and EternalRomance operate on the same Windows filesharing system, SMB.

Bad Rabbit interrupted Ukraine transportation services, Russian media agencies and other government agencies. It spreads via a fake Adobe Flash update and requests nearly $280 worth of bitcoin in ransom.

More articles on cybersecurity:

Trump fills key DHS CIO post with acting DoD CIO

Kaspersky releases results of investigation into supposed Russian hacking

30% of CEOs had their email address associated with a breach

Copyright © 2021 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars