I guess the NSA is the gift that keeps on giving. It appears that the Bad Rabbit ransomware that hit over 200 major organizations this week, primarily in Russia and the Ukraine does indeed use the EternalRomance exploit that leaked out of the NSA. Disable your WMI service to prevent the malware from spreading over your network and continue to practice good hygiene when it comes to apps, ads, and emails. Thanks, NSA.



Bad Rabbit was reportedly distributed via drive-by download attacks via compromised Russian media sites, using fake Adobe Flash players installer to lure victims’ into install malware unwittingly and demanding 0.05 bitcoin (~ $285) from victims to unlock their systems.

Discussion

Source: [H]ardOCP – Bad Rabbit Ransomware Uses Leaked ‘EternalRomance’ NSA Exploit to Spread