Advertisement

Bad Rabbit malware allegedly used NSA hacking tool

By
Sara Shayanian
Bad Rabbit was reportedly spread to computers using a fake Adobe Flash update. File photo by Rob Engelaar/EPA
Bad Rabbit was reportedly spread to computers using a fake Adobe Flash update. File photo by Rob Engelaar/EPA

Oct. 27 (UPI) -- The Bad Rabbit malware, which U.S. analysts say originated in Russia, allegedly used a leaked National Security Agency hacking tool.

Cisco researchers found that the malware used an NSA tool called EternalRomance that takes capitalizes on a vulnerability in Windows computers by bypassing security over Server Message Block file-sharing connections.

Advertisement

The vulnerability enables hackers to remotely execute instructions on Windows clients and servers.

EternalRomance was leaked this year by a group called The ShadowBrokers, who released the tools they said were from the NSA.

RELATED U.S. warns of 'Bad Rabbit' ransomware that hit computers in Europe

It is not, however, the same NSA tool made famous by earlier ransomware outbreaks NotPetya and WannaCry.

The ShadowBrokers released several packages of the EternalRomance tools, all of which they said had been stolen from the NSA.

The news comes after the U.S. Computer Emergency Readiness Team, a division of the Department of Homeland Security, said it's "received multiple reports" of ransomware infections called Bad Rabbit in many countries around the world, including Russia, Ukraine and Germany.

Advertisement
RELATED Hackers inject malware into CCleaner antivirus software

A fake Adobe Flash update reportedly helped spread the malware. Once installed on one computer, the hackers could use other techniques to spread it to other computers on the same network.

The hack predominantly affected Russian users and even interrupted service in Ukrainian mass transit. However, the source of the attack is still unclear.

"There is a lot of speculation that Russia is the main target, which may be true, but does not rule out Russia as the attacker," Dr. Andrea Little Limbago, chief social scientist at Endgame, said.

RELATED WannaCry ransom money is on the move

Latest Headlines