Leaked NSA tools were once again used in a global ransomware attack

Another global ransomware outbreak was powered with a leaked, fully operational NSA hacking tool that had been released by The Shadow Brokers, according to researchers with cybersecurity firms Cisco Talos, IB Group and Symantec. The latest international ransomware incident occurred on Tuesday and primarily affected computers in Ukraine and Russia. Analysts studying malware samples connected to this event, dubbed “BadRabbit,” found Thursday that the carefully prepared attack contained an exploit known as “EternalRomance.”

Update: Talos has identified an eternal romance component and more! https://t.co/H4BAi4wRhE — Craig Williams (@security_craig) October 26, 2017

Some researchers say the BadRabbit operation had been planned for months, dating back perhaps to as far as Feb. 2017, according to FireEye, or July 2017, based on digital evidence found by Kaspersky Lab.

It appears the attackers behind #Badrabbit have been busy setting up their infection network on hacked sites since at least July 2017. pic.twitter.com/fV5U1FeVtR — Costin Raiu […]

The post Leaked NSA tools were once again used in a global ransomware attack appeared first on Cyberscoop.

BadRabbit runs out of steam – but be prepared for the next ransomware attack

Reports appeared on Tuesday that a new ransomware outbreak was hitting organisations in Russia and Ukraine. Victims included the Russian newswire Interfax, Ukraine’s Odessa airport, and the Kiev subway system. Media outlets like Fontanka.ru found their websites disrupted by the attack, and urged readers to follow them on social media for updates while systems were […]

The post BadRabbit runs out of steam – but be prepared for the next ransomware attack appeared first on The State of Security.

The post BadRabbit runs out of steam – but be prepared for the next ransomware attack appeared first on Security Boulevard.

Infrastructure for the ‘Bad Rabbit’ Ransomware Appears to Have Shut Down

Most of the servers and sites used by the hackers behind the ransomware are down just a day after the outbreak started.

Comparing EternalPetya and BadRabbit

I’ve created a table comparing the EternalPetya (ExPetr, NotPetya, etc.) outbreak from June, and the BadRabbit ransomware outbreak from yesterday (2017-10-24).
I have decided to not include WannaCry (WanaCrypt0r), as they are not related, while Eternal…

NotPetya successor BadRabbit hits orgs in Russia, Ukraine

BadRabbit ransomware, apparently modeled on NotPetya, has hit a number of organizations across Russia, Ukraine, and Eastern Europe on Tuesday. Russian security outfit Group-IB was among the first ones who flagged the attack. “Amongst victims, this affected computers and servers of the Kiev metro, the Ministry of Infrastructure and Odessa International Airport, as well as a number of state organisations in the Russian Federation. Victims in the Russian Federation included Federal news sites and commercial …

BadRabbit ransomware strikes Eastern Europe

A new strain of malware by the authors of NotPetya called the BadRabbit ransomware is spreading through Eastern Europe, offering a fake Flash update to drop the infection.

‘BadRabbit’ ransomware spreading across Ukraine, Russia

Multiple Russian and Ukrainian organizations were hit with a ransomware attack Tuesday, causing disruptions across a number of different transportation hubs, including a major airport and transit system in Kiev, Ukraine and several Russian media organizations.

The malware, dubbed “BadRabbit” by security researchers, will load a message in red text over a black background on infected computers, requesting payment from victims in order to unlock their systems. The price to unlock an infected system increases over time, the message reads, and requires victims to log into a Tor hidden service website to send bitcoin.

This display carries certain similarities with another ransomware outbreak known as NotPetya, which spread across Ukraine in June and into a variety of multinational corporations with connections to the country’s economy. Other overlaps also exist between NotPetya and BadRabbit, including the reuse of Diskcoder.D, a trojan that encrypts files on local drives, researchers say.

#badrabbit found […]

The post ‘BadRabbit’ ransomware spreading across Ukraine, Russia appeared first on Cyberscoop.
