        Ransomware Ripping Through Russia and Ukraine Uses Stolen NSA Code

        LOST AND FOUND

        ‘Bad Rabbit’ hit media organizations and other targets this week and utilizes an exploit revealed by the U.S. losing control of its hacking tools.

        Joseph Cox

        Updated Oct. 27, 2017 4:49AM ET / Published Oct. 26, 2017 2:50PM ET 

        This week a new breed of ransomware, which locks down computers until a victim pays a fee, ripped throughout Russia, Ukraine, and a selection of other countries. The ransomware, known as Bad Rabbit, had a trick up its sleeve: it utilized a previously leaked exploit from the U.S. National Security Agency, giving the malware more power to spread throughout networks.

        The news highlights the continuing fallout from one of the NSA’s most significant data breaches, for the agency itself and, more importantly, for the wider public across the world.

        Specifically, Bad Rabbit deployed an exploit called EternalRomance, according to research from Talos, part of cybersecurity firm Cisco. Security company Group-IB also told The Daily Beast that Bad Rabbit used the NSA’s exploit. EternalRomance takes advantage of an issue in SMB, a protocol for transferring data between connected Windows computers, and allows a hacker to more effectively propagate from an infected machine to other targets.

        Craig Williams, senior technical leader at Talos, told The Daily Beast the malware uses EternalRomance as a backup vector—if something else fails, EternalRomance can make sure the job gets done.

        This exploit is a sought-after piece of code; something that criminal hackers or government spies may try to keep to themselves, for fear of it being fixed or falling into their adversaries’ hands. In this case, EternalRomance’s original owner, the NSA, lost control of that precious tool.

        In April, an elusive group of self-described hackers called The Shadow Brokers, after somehow stealing it from the NSA, released EternalRomance along with a cache of other powerful exploits onto the public internet for anyone to download for free. At the time of writing, it is not entirely clear how The Shadow Brokers obtained these exploits, or whether the breach is connected to one of the other myriad breaches which have plagued the NSA in recent years.

        Microsoft had quietly patched EternalRomance and other exploits a month earlier, but hackers across the world quickly worked the NSA’s tools into their own code—plenty of organizations and individuals fail to install fixes even when they are available. Perhaps most devastating was the WannaCry malware in May, which used several of caused massive disruption throughout UK hospitals. More recently, another piece of ransomware called NotPetya, which researchers believe is something of a cousin of Bad Rabbit, used EternalRomance and hit energy companies and other infrastructure in Ukraine and beyond, including businesses in the U.S.

        Bad Rabbit’s victims include major media organizations in Russia, the Kiev metro, and the Odessa International Airport in Ukraine, Group-IB noted in a blog post. In another post, the cybersecurity firm says it is highly likely that the hackers behind Bad Rabbit were one and the same as the earlier NotPetya campaign. Some Ukrainian analysts believe NotPetya was the work of Russian government hackers in an effort to cause disruption rather than generate any sort of financial revenue.

        To be clear, the use of an NSA exploit is not the only factor behind the spread of this malware. As multiple security researchers have noted, the malware is delivered to a victim’s computer when they visit a specific set of websites, and, as mentioned, the exploit was used more as a backup mechanism.

        But hackers deploying EternalRomance does still pour salt on a months-long open wound with the NSA’s ability to keep sensitive information secure, including some of its most valuable code and tools.
