F61B 4059 1ED5 3B39 86FA F164 ECEF 6072 135F B7B7

  1. Bad Rabbit also utilised EternalRomance – NSA leaked / Microsoft SMB / Patch: MS17-010
    - Ever get pop-ups saying Flash / Java, etc. needs to be updated when you browse to a site?
    - “The majority of servers and websites that supported Bad Rabbit activity appear to have been shut down, just a day after reports of the ransomware campaign emerged. Bad Rabbit affected computers in Russia and Ukraine earlier this week. The malware was spread largely through watering hole attacks that pushed out phony Flash updates that execute a dropper on infected machines. According to several research firms, there is evidence that suggests Bad Rabbit may have a connection to Petya and NotPetya.” – www.sans.org/newsletters/newsbites/xix/85#304
    - One more reason why we should be happy that flash is dying – RIP
    - Further reading:
    1. Rough summary of developing BadRabbit info
    2. Bad Rabbit: Ten things you need to know about the latest ransomware outbreak
    3. Kaspersky: Bad Rabbit ransomware
    4. Reuters Exclusive: Ukraine hit by stealthier phishing attacks during BadRabbit strike