Bad Rabbit ransomware: cybercrime continues its exponential rise in 2017
“Bad Rabbit” is the latest ransomware attack to hit organisations, having affected numerous major businesses across Russia, Ukraine, Turkey and Germany as of October 24th. It is the latest addition to a wave of cyberattacks that have been targeting businesses across the globe throughout 2017.
Kaspersky later confirmed the method of attack. While the user is visiting a legitimate website, the malware, masquerading as an Adobe Flash Installer, is offered to them for download. No specific vulnerability exploits are used, meaning the victim still has to manually execute the program once downloaded. If installed, Bad Rabbit encrypts all files on the infected system, locking out the user. They receive this message:
While the message itself appears strangely civil, the demands are far from it. The ransomware demands 0.05 Bitcoin—the equivalent of around $290—in exchange for the restoration of the user’s files and devices. Compatible with all versions of Windows operating software, once the malware executable is running, there is little the victim can do to decrypt their files apart from paying the ransom.
What can we learn from the Bad Rabbit attack?
The malware behind Bad Rabbit is reportedly a new variant of Petya ransomware—also known as exPetr, Petrwrap and GoldenEye—that differs from the WannaCry attack that ground the UK’s National Health Service (NHS) to a halt. Microsoft released numerous security patches to stop the WannaCry virus from spreading across corporate networks; Bad Rabbit instead scans internal networks for open shared folders, and uses a hardcoded list of commonly-used credentials to try and force a log-in and execute the malware.
The major anti-virus vendors have already begun publishing signature updates to their software to deal with the threat. But this is just another incident in a long list of cyberattacks that have occurred in recent years. 2017 certainly feels like the peak of cybercrime to date, but we can only expect the rate of cybercrime to increase in coming years. Ransomware damage costs will exceed $5 billion this year, up from $325 million in 2015—a fifteen-fold increase in just two years. Businesses who believe the rise in cybercrime will soon reach a plateau may be in for a nasty surprise.
The truth is that businesses must do more than simply update their anti-virus software if they want to maximize the security of their business and regain control of their data.
Proactive data protection
2017 has proven that no business is exempt from cybercrime. The government sector is, for the first time ever, the most targeted sector alongside Finance. Ransomware like Bad Rabbit is targeting small businesses—50% of small and medium-sized organisation reported suffering at least one cyberattack in the past 12 months.
How can you protect your business from ransomware attacks?
- Cybersecurity assessments
Cybersecurity assessments provide a holistic assessment of your IT security architecture, from your documentation policies to your firewall. Offering visibility into the strongest and weakest areas of your business, assessments can help you manage risk, maintain compliance, and align to the best practice in your industry.
- Security awareness training
IT security skills are in short supply. Security awareness training informs users of the inherent risks of cloud and mobile working, the Internet of Things, and more. Most importantly, you can educate users on how to avoid the threats these technologies pose to your business and its reputation.
- Threat Management as a Service
Most organisations have already made the commitment to protecting themselves from ransomware through implementing security solutions from companies like Symantec or McAfee. But there is a high level of complexity associated with operating them. Threat Management-as-a-Service removes this complexity by monitoring, detecting, analysing and responding to security anomalies in real-time.
- Cloud Backup
Backing up your data is more necessity than nice-to-have in today’s cybersecurity climate. Cloud Backup services offer the flexibility to back up your servers and recover data between them regardless of location. Backup-as-a-Service software includes support for multiple operating systems so you can back up whether you’re in the cloud, on-premises or in a managed hosting environment.
Having not spread much further than Russia and Ukraine, Bad Rabbit has, amid this wash of high-profile cyberattacks in 2017, not received the same publicity as the WannaCry and NotPetya attacks. But there can be little doubt that the affected companies will say Bad Rabbit is the worst cyberattack of the year for them.
As cybercrime continues to rise, businesses must ensure they do not become desensitized to the threat of ransomware. You must ensure you are fully prepared and your cybersecurity measures are the best they can be. Ransomware can come at any time. You must be ready.
For more information on the state of ransomware and what your business can do to safeguard its data, visit Dimension Data’s ransomware information hub.