It was previously thought that the strain was linked to the Petya/NotPetya and WannaCry outbreaks; however, new evidence suggests otherwise.
Researchers at Cisco found that Bad Rabbit exploited a tool called EternalRomance, which took advantage of a now-patched security flaw in Windows that was leaked by hacking group ShadowBrokers, The Hill reports.
This tool was not the same NSA exploit used in the NotPetya and WannaCry attacks. Coding similarities suggested Bad Rabbit may have been a variant of NotPetya, which exploited EternalBlue, a separate NSA tool also leaked by ShadowBrokers, to propagate through networks.
Both EternalBlue and EternalRomance operate on the same Windows filesharing system, SMB.
Bad Rabbit interrupted Ukraine transportation services, Russian media agencies and other government agencies. It spreads via a fake Adobe Flash update and requests nearly $280 worth of bitcoin in ransom.
More articles on cybersecurity:
Trump fills key DHS CIO post with acting DoD CIO
Kaspersky releases results of investigation into supposed Russian hacking
30% of CEOs had their email address associated with a breach
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
