54BD 783A 27D2 85C1 C46D 5A02 3651 ADE3 E402 9FC2

  1. Bad Rabbit also utilised EternalRomance – NSA leaked / Microsoft SMB / Patch: MS17-010
    - Ever get pop-ups saying Flash / Java, etc. needs to be updated when you browse to a site?
    - “The majority of servers and websites that supported Bad Rabbit activity appear to have been shut down, just a day after reports of the ransomware campaign emerged. Bad Rabbit affected computers in Russia and Ukraine earlier this week. The malware was spread largely through watering hole attacks that pushed out phony Flash updates that execute a dropper on infected machines. According to several research firms, there is evidence that suggests Bad Rabbit may have a connection to Petya and NotPetya.” – www.sans.org/newsletters/newsbites/xix/85#304
    - One more reason why we should be happy that flash is dying – RIP
    - Further reading:
    1. Rough summary of developing BadRabbit info
    2. Bad Rabbit: Ten things you need to know about the latest ransomware outbreak
    3. Kaspersky: Bad Rabbit ransomware
    4. Reuters Exclusive: Ukraine hit by stealthier phishing attacks during BadRabbit strike