How to Stop Your Remote Workforce from Being Hacked
The world of work is changing. One of the biggest trends of the last couple of years has been the shift toward remote employment, with
Home / Blog / EH Academy / Bad Rabbit Ransomware using NSA Exploit
Another far reaching ransomware worm, known as “Bad Rabbit,” that hit more than 200 noteworthy associations, essentially in Russia and Ukraine this week influences a stolen NSA misuse discharged by the Shadow Brokers this April to spread over victim’s systems.
Prior it was accounted for that the current week’s crypto-ransomware outbreak did not utilize any National Security Agency-developed exploits, neither EternalRomance nor EternalBlue, yet a current report from Cisco’s Talos Security Intelligence uncovered that the Bad Rabbit ransomware used EternalRomance exploit.
NotPetya ransomware (also known as ExPetr and Nyetya) that infected tens of thousands of systems back in June also leveraged the EternalRomance exploit, along with another NSA’s leaked Windows hacking exploit EternalBlue, which was used in the WannaCry ransomware outbreak.
Bad Rabbit does not use EternalBlue but does leverage EternalRomance RCE exploit to spread across victims’ networks.
Microsoft and F-Secure have also confirmed the presence of the exploit in the Bad Rabbit ransomware.
Bad Rabbit was reportedly distributed via drive-by download attacks via compromised Russian media sites, using fake Adobe Flash players installer to lure victims’ into install malware unwittingly and demanding 0.05 bitcoin (~ $285) from victims to unlock their systems.
How Bad Rabbit Ransomware Spreads In a Network
According to the researchers, Bad Rabbit first scans the internal network for open SMB shares, tries a hardcoded list of commonly used credentials to drop malware, and also uses Mimikatz post-exploitation tool to extract credentials from the affected systems.
Bad Rabbit can also exploit the Windows Management Instrumentation Command-line (WMIC) scripting interface in an attempt to execute code on other Windows systems on the network remotely, noted EndGame.
However, according to Cisco’s Talos, Bad Rabbit also carries a code that uses EternalRomance, which allows remote hackers to propagate from an infected computer to other targets more efficiently.
Industrial Cybersecurity
September 28, 2023
Want always be up to date?
By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.
Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings
The world of work is changing. One of the biggest trends of the last couple of years has been the shift toward remote employment, with
Learn how to stay anonymous online; what is darknet and what is the difference between the VPN, TOR, WHONIX, and Tails here.
Phone number plays a vital role in the social engineering and the open source intelligence investigation. Everyone carry’s phone, the phone is now linked with
Want always be up to date?
By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.
Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings