What happened to Bad Rabbit?


Although the hype about Bad Rabbit ransomware seems to have subsided a little, the threat of further ransomware attacks is very real. Throughout this year, there have been a number of sophisticated cyber-attacks that have affected major organisations across the globe, including the NHS.

Bad Rabbit first appeared on 24th October 2017 as a new self-propagating ransomware variant, which began to infect media organisations in Russia and critical infrastructure within Ukraine. It shared many similarities with the earlier variant “NotPetya”, including shared code, similar ransom notes, encryption of both files and the Master Boot Record (MBR), and the ability to self-propagate.

The initial infection method was a typical example of social engineering. It began with users downloading malware disguised as a fake Adobe Flash Player update from hacked websites. These websites had been compromised by having JavaScript injected into their HTML or other files.

A component of Bad Rabbit meant that if one person in an organisation clicked the fake Adobe link and became infected, the malware could potentially move to every other computer or server on the network and lock the data on all of them. The risk of the infection spreading across the network was increased by a further component that ‘guessed’ commonly used usernames and passwords in order to gain access to other systems.
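The credential guessing described above leaves a visible trail in Windows logon events: a burst of failed logons from one machine against several others, often followed by a success. The detection below is an added example, not code from the original post; the event layout, host names, accounts and thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample Windows Security log events (not real data):
# (timestamp, event_id, source_host, target_host, account)
# 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = [
    ("2017-10-24T10:00:01", 4625, "WS-07", "FS-01", "administrator"),
    ("2017-10-24T10:00:02", 4625, "WS-07", "FS-01", "admin"),
    ("2017-10-24T10:00:03", 4625, "WS-07", "FS-01", "user"),
    ("2017-10-24T10:00:04", 4625, "WS-07", "FS-02", "administrator"),
    ("2017-10-24T10:00:05", 4625, "WS-07", "FS-02", "admin"),
    ("2017-10-24T10:00:06", 4624, "WS-07", "FS-02", "admin"),
    ("2017-10-24T10:05:00", 4625, "WS-12", "FS-01", "jsmith"),  # a single mistyped password, benign
    ("2017-10-24T10:05:10", 4624, "WS-12", "FS-01", "jsmith"),
]

def find_spraying_sources(events, window=timedelta(minutes=5), min_failures=4, min_targets=2):
    """Return {source_host: summary} for every source whose failed logons within a
    sliding window reach `min_failures` and touch at least `min_targets` distinct hosts.
    A later successful logon from the same source is flagged as 'then_succeeded',
    which is the pattern a self-propagating infection produces when a guess works."""
    by_source = defaultdict(list)
    for ts, event_id, src, dst, account in events:
        by_source[src].append((datetime.fromisoformat(ts), event_id, dst, account))
    alerts = {}
    for src, evs in by_source.items():
        evs.sort()
        fails = [e for e in evs if e[1] == 4625]
        for i, (t0, _, _, _) in enumerate(fails):
            burst = [e for e in fails[i:] if e[0] - t0 <= window]
            hosts = {e[2] for e in burst}
            accounts = {e[3] for e in burst}
            if len(burst) >= min_failures and len(hosts) >= min_targets:
                last_fail = burst[-1][0]
                succeeded = any(e[1] == 4624 and e[0] >= last_fail for e in evs)
                alerts[src] = {"failures": len(burst), "hosts": sorted(hosts),
                               "accounts": sorted(accounts), "then_succeeded": succeeded}
                break  # one alert per source is enough
    return alerts

if __name__ == "__main__":
    for host, summary in find_spraying_sources(SAMPLE_EVENTS).items():
        print(host, summary)
```

The thresholds are deliberately low for the sample; in production they should be tuned against the normal rate of mistyped passwords on the network so that a single user locking themselves out is not an alert.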

Whilst SME business owners may believe that cyber attackers are only interested in large organisations, this is not the case. The truth is that to these attackers, every vulnerability is an opportunity to exploit, whether directly for financial gain, to gain access to valuable data, or to use hacked systems as a platform from which to commit further cyber-crimes.

There is no such thing as 100% secure. However, there are a number of preventative steps that can help business owners to mitigate the risk of a cyber-attack. Although these come at a cost, that cost is likely to be much less than the financial demands of a ransomware attack or a post-attack investigation. Prevention is better than cure.

Preventative steps:

  1. Ensure your software is patched and up to date
  2. Ensure anti-virus and anti-malware solutions automatically conduct regular scans
  3. Manage the use of privileged accounts, offering administrative access to only a select few employees and providing the least amount of access to files across the network
  4. Document your information assets and prioritise which are the most business critical so that they can be best protected
  5. Test your backups to make sure your information is available. If you don’t have a backup solution it’s time to seriously consider it!
  6. Have IT conduct regular penetration testing against the network, actively looking for vulnerabilities
  7. Educate your employees in cyber security. Arguably, this is the most important step, as people are the biggest vulnerability for businesses. Train them to scrutinise links before they click, to set secure passwords and maintain them, and to identify scams and attempted social engineering
