Last Updated: 2017-10-24 16:09:36 UTC
by Xavier Mertens (Version: 1)
About 2 hours ago, reports started to come in about a new ransomware wave hitting RU media agency Interfax, but it is extending to others in both RU and UA.
It seems to be delivered via a malicious URL as a fake Flash update and then uses EternalBlue and Mimikatz for lateral movement and further spreading.
Discoder/#BadRabbit IOCs as found by ESET:
There is still a lot of speculation, though, as analysis is at an early stage; more needs to come. At least it's not Friday!
Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant