Time: 2024-09-22 18:30:22 Source: compiled from the web Editor: Product Center
New week, new ransomware.
A new form of ransomware surfaced in Russia, Ukraine and elsewhere this week. Known as Bad Rabbit, it's employed a leaked NSA exploit to do some of its damage.
Ransomware works by freezing up a computer in an attempt to force the user to pay a fee if they want their machine to be normal again.
The trick for hackers, of course, is how to get the malicious agent onto machines in the first place.
Bad Rabbit does this in a few steps. Here's how the cybersecurity firm Symantec described it in a post analyzing the ransomware:
"The initial infection method is through drive-by downloads on compromised websites. The malware is disguised as a fake update to Adobe Flash Player. The download originates from a domain named 1dnscontrol[dot]com, although visitors may have been redirected there from another compromised website."
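The delivery stage Symantec describes can be hunted for in web-proxy logs. The sketch below is an added example, not code from the article or from Symantec: it refangs the domain as printed in the quote, matches it and its subdomains, and flags Flash-named installers fetched from anywhere other than Adobe. The log format, the trusted domain, the file-name heuristic and every sample line are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Indicator exactly as the article prints it (defanged).
DEFANGED_IOCS = ["1dnscontrol[dot]com"]
TRUSTED_FLASH_DOMAIN = "adobe.com"  # assumption: only legitimate installer source
FLASH_INSTALLER = re.compile(r"flash[^/]*\.(exe|msi)$", re.I)  # heuristic (assumption)

def refang(indicator):
    """Turn '1dnscontrol[dot]com' or 'hxxp://a[.]b/x' into a bare hostname."""
    s = re.sub(r"\[dot\]|\(dot\)|\[\.\]", ".", indicator.strip().lower())
    s = re.sub(r"^hxxp", "http", s)
    return urlsplit(s if "://" in s else "//" + s).hostname or ""

def under(host, domain):
    """True for the domain itself or a subdomain, not a lookalike suffix."""
    return host == domain or host.endswith("." + domain)

def classify(url):
    """Return 'ioc', 'fake-flash' or None for one requested URL."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL in the log
        return None
    host = (parts.hostname or "").rstrip(".")
    if any(under(host, refang(i)) for i in DEFANGED_IOCS):
        return "ioc"
    if FLASH_INSTALLER.search(parts.path) and not under(host, TRUSTED_FLASH_DOMAIN):
        return "fake-flash"
    return None

def scan(log_lines):
    """Parse 'timestamp client method url status' lines; return (client, verdict) hits."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) == 5 and (verdict := classify(fields[3])):
            hits.append((fields[1], verdict))
    return hits

# Constructed sample proxy log: clients, hosts and paths are made up.
BAD = "http://cdn." + refang(DEFANGED_IOCS[0]) + "/placeholder"
SAMPLE_LOG = [
    "2000-01-01T00:00:01Z 10.0.0.5 GET http://news.example/index.html 200",
    "2000-01-01T00:00:02Z 10.0.0.5 GET " + BAD + " 200",
    "2000-01-01T00:00:03Z 10.0.0.7 GET http://media.example/Flash_Update.exe 200",
    "2000-01-01T00:00:04Z 10.0.0.8 GET http://get.adobe.com/install_flash_player.exe 200",
    "2000-01-01T00:00:05Z 10.0.0.9 GET http://not1dnscontrol.com.example/a 200",
]
```

Calling `scan(SAMPLE_LOG)` returns the two clients that touched the indicator domain or pulled a Flash-named executable from an untrusted host; the lookalike hostname and the Adobe-hosted installer are not flagged.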
After the malware's been installed, according to cybersecurity firm Cisco Talos, "there is an SMB component used for lateral movement and further infection."
SMB refers to Server Message Block, which is a means by which networked Windows machines share information. Bad Rabbit attacks SMB in several ways, according to Symantec, looking to spread to other vulnerable Windows machines in the same network as the computer on which it was first installed. One of the ways is through an SMB exploit known as EternalRomance, according to Talos and Symantec.
This takes us back to April, when a group of hackers known as the Shadow Brokers dumped a trove of NSA exploits on the internet for anyone with the required knowledge to use. Those exploits pertained to computers running Windows, putting millions of Windows users at risk of ransomware broadsides. Microsoft had actually released patches to ameliorate this and other exploits in March, but folks have to update their computers in order for those patches to take effect, and people looking to use this ransomware surely know that many folks simply never hit update. (If you're running Windows and reading this, make sure to patch up your system if you haven't already.)
"The distribution of BadRabbit was massive," a threat intelligence expert at the cybersecurity firm Group-IB wrote on the company's website, though he noted that the distribution resulted in "much fewer victims" than another recent ransomware attack. The "primary" victims of the attack included "several Ukrainian strategic enterprises" including Odessa International Airport and the metro in Kiev, as well as "federal mass media" in Russia.
Wrapping up its Bad Rabbit analysis, Talos concluded that the world can expect more fast-spreading attacks that strike quickly and are designed "to inflict maximum damage."
"Ransomware is the threat of choice for both its monetary gain as well as destructive nature," they wrote. "As long as there is money to be made or destruction to be had these threats are going to continue."