Bad Rabbit Ransomware using NSA Exploit

Another far reaching ransomware worm, known as “Bad Rabbit,” that hit more than 200 noteworthy associations, essentially in Russia and Ukraine this week influences a stolen NSA misuse discharged by the Shadow Brokers this April to spread over victim’s systems.

Prior it was accounted for that the current week’s crypto-ransomware outbreak did not utilize any National Security Agency-developed exploits, neither EternalRomance nor EternalBlue, yet a current report from Cisco’s Talos Security Intelligence uncovered that the Bad Rabbit ransomware used EternalRomance exploit.

NotPetya ransomware (also known as ExPetr and Nyetya) that infected tens of thousands of systems back in June also leveraged the EternalRomance exploit, along with another NSA’s leaked Windows hacking exploit EternalBlue, which was used in the WannaCry ransomware outbreak.

Bad Rabbit does not use EternalBlue but does leverage EternalRomance RCE exploit to spread across victims’ networks.
Microsoft and F-Secure have also confirmed the presence of the exploit in the Bad Rabbit ransomware.

Bad Rabbit was reportedly distributed via drive-by download attacks via compromised Russian media sites, using fake Adobe Flash players installer to lure victims’ into install malware unwittingly and demanding 0.05 bitcoin (~ $285) from victims to unlock their systems.

How Bad Rabbit Ransomware Spreads In a Network

According to the researchers, Bad Rabbit first scans the internal network for open SMB shares, tries a hardcoded list of commonly used credentials to drop malware, and also uses Mimikatz post-exploitation tool to extract credentials from the affected systems.

Bad Rabbit can also exploit the Windows Management Instrumentation Command-line (WMIC) scripting interface in an attempt to execute code on other Windows systems on the network remotely, noted EndGame.

However, according to Cisco’s Talos, Bad Rabbit also carries a code that uses EternalRomance, which allows remote hackers to propagate from an infected computer to other targets more efficiently.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...

Digital Forensics Investigation using Autopsy In Kali Linux

Autopsy is one of the digital forensics tools use to investigate what happened on a computer. It offers a GUI access to variety of...