Endpoint Security When Ransomware is Rampant


The latest ransomware campaign has been targeting companies in Russia and Eastern Europe. The ransomware virus, called “Bad Rabbit,” was first detected on October 24th when it started infecting systems. At least three Russian media organizations were hit by the ransomware virus. Another Russian news agency was knocked offline by hackers when the ransomware virus was spreading. Bad Rabbit has spread to some systems in South Korea and the U.S., where a radio station’s website was targeted. In Ukraine, Odessa International Airport and the Kiev Metro were affected by cyber attackers.

The ransomware virus is spread by a prompt that calls for users to install a malicious Adobe Flash update when they visit a compromised news media website. When the user installs and executes the fake Adobe update with elevated privileges, the virus deploys and infects the user’s device. The malware was spread through servers that were under the control of hackers. The hackers initially set up their infection network on hacked sites in July 2017.
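The infection path described above leaves a footprint in web proxy logs: an installer named after Flash fetched from a host that is not the vendor's own. The following script is an added detection example, not code from the original article or from any vendor; the log format, the host names (all constructed, using the reserved .invalid domain), and the assumption that only adobe.com legitimately serves Flash installers are mine.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log lines (not real traffic). Format assumed for this
# example: <timestamp> <client_ip> <url> <content-type>
SAMPLE_LOG = """\
2017-10-24T10:02:11Z 10.1.4.22 http://news-example.invalid/index.html text/html
2017-10-24T10:02:19Z 10.1.4.22 http://cdn-update.invalid/flash/install_flash_player.exe application/octet-stream
2017-10-24T10:05:03Z 10.1.4.57 https://get.adobe.com/flashplayer/download/install_flash_player.exe application/octet-stream
2017-10-24T10:07:40Z 10.1.4.90 http://media-example.invalid/assets/video.mp4 video/mp4
2017-10-24T10:09:12Z 10.1.4.22 http://notadobe.com/Flash_Update.MSI application/x-msi
"""

# Domain that legitimately serves Flash installers (assumption for this example).
TRUSTED_UPDATE_DOMAIN = "adobe.com"

# An installer-looking filename that mentions Flash.
FLASH_NAME = re.compile(r"flash", re.IGNORECASE)
INSTALLER_EXT = re.compile(r"\.(exe|msi|scr)$", re.IGNORECASE)


def parse_line(line):
    """Split one log line into its fields; return None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    timestamp, client, url, content_type = parts
    split = urlsplit(url)
    filename = split.path.rsplit("/", 1)[-1]
    return {
        "timestamp": timestamp,
        "client": client,
        "host": split.hostname or "",
        "filename": filename,
        "content_type": content_type,
    }


def host_is_trusted(host, domain=TRUSTED_UPDATE_DOMAIN):
    """Exact match or a true subdomain; a plain substring test would let notadobe.com through."""
    return host == domain or host.endswith("." + domain)


def is_suspicious_update(entry):
    """An installer named after Flash fetched from anywhere but the vendor's domain."""
    return (
        INSTALLER_EXT.search(entry["filename"]) is not None
        and FLASH_NAME.search(entry["filename"]) is not None
        and not host_is_trusted(entry["host"])
    )


def find_suspicious_updates(log_text):
    """Return the parsed entries that should be escalated, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspicious_update(entry):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_updates(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['client']} fetched {hit['filename']} from {hit['host']}")
```

Run against the constructed sample, the rule flags the two downloads from non-Adobe hosts and leaves the one from get.adobe.com alone; the suffix check in host_is_trusted matters because a look-alike such as notadobe.com would pass a naive "contains adobe.com" test.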

When users are infected by the ransomware virus, they see a message that says their files have been encrypted and are no longer accessible. The hackers then demand a payment in exchange for a decryption password. Victims are told to pay approximately $285 through bitcoin for a decryption key. If the user does not make the payment in time, the price for the decryption key goes up.

The virus was compared to WannaCry and NotPetya, two ransomware strains that worried businesses earlier this year. Bad Rabbit’s dynamic link library shares 67% of its code with NotPetya, according to security researchers. Bad Rabbit also contains an SMB component that allows it to spread without the need for user interaction.

The hackers who are behind Bad Rabbit are still unknown. However, some cybersecurity researchers believe that the Bad Rabbit attack was carried out by the same group that deployed NotPetya in June. The group, TeleBots, is known to operate out of Russia and focus on Ukrainian targets.

Some researchers also suspect that the Bad Rabbit ransomware attack was used to cover up a more insidious attack. TeleBots attacked Ukraine’s power grid back in 2015 and 2016, leading researchers to believe that the group is trying to collect data from sensitive targets in Ukraine. The NotPetya ransomware also hit targets in Ukraine particularly hard.

Ransomware is a serious threat that can disrupt organizational operations. Below are three ways companies can protect their data from a ransomware attack:

  1. Network Monitoring: Organizations that have visibility into their networks are better able to defend against ransomware attacks like Bad Rabbit. When companies have clear visibility into what’s running on their networks, they can see which of their devices or assets are vulnerable to ransomware attacks.
  2. Encrypt Data: Files and other information that are vital to organizations should be encrypted. Encryption allows companies to protect their data from a ransomware attack. In addition, important files should also be backed up regularly. In the event of a ransomware attack, backed-up files provide access to the data that is necessary for the business to keep running through the day.
  3. Audit Applications: IT teams should conduct an application audit to make sure unauthorized software is not running on the company network. By conducting an application audit, IT teams can see if vulnerable third-party software is running on company devices. Company IT teams can also blacklist software that’s been proven to be untrustworthy while whitelisting approved software.
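The application audit in step 3 comes down to comparing a software inventory against an allowlist of approved software and a blocklist of software already judged untrustworthy. The script below is an added example of that comparison, not code from the original article; the inventory, the publisher names, the file paths and the hash values are all constructed placeholders, and the choice to key approval on (name, publisher) rather than name alone is my own design decision.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class InstalledApp:
    name: str
    publisher: str
    path: str
    sha256: str  # hex digest of the main executable


# Constructed inventory (sample data, not taken from any real host).
# Hash values are placeholders, not real digests.
INVENTORY = [
    InstalledApp("Adobe Flash Player", "Adobe Systems Incorporated",
                 r"C:\Windows\System32\Macromed\Flash\FlashUtil.exe", "aa" * 32),
    InstalledApp("Adobe Flash Player", "Unknown Publisher",
                 r"C:\Users\alice\AppData\Local\Temp\install_flash_player.exe", "bb" * 32),
    InstalledApp("7-Zip", "Igor Pavlov", r"C:\Program Files\7-Zip\7z.exe", "cc" * 32),
    InstalledApp("CoolToolbar", "Acme Toolbars", r"C:\Program Files\CoolToolbar\ct.exe", "dd" * 32),
]

# Approved software is keyed on (name, publisher): a matching name alone is not enough,
# so a fake "Adobe Flash Player" from an unknown publisher does not inherit approval.
ALLOWLIST = {
    ("Adobe Flash Player", "Adobe Systems Incorporated"),
    ("7-Zip", "Igor Pavlov"),
}

# Hashes of software the organization has decided is untrustworthy (constructed placeholders).
BLOCKLIST_HASHES = {"dd" * 32}


def classify(app, allowlist=ALLOWLIST, blocklist=BLOCKLIST_HASHES):
    """Blocklist wins over allowlist, so a known-bad build of an approved product is still blocked."""
    if app.sha256.lower() in blocklist:
        return "blocked"
    if (app.name, app.publisher) in allowlist:
        return "approved"
    return "unapproved"


def audit(inventory, allowlist=ALLOWLIST, blocklist=BLOCKLIST_HASHES):
    """Group an inventory by verdict; returns {verdict: [path, ...]} with every key present."""
    report = {"approved": [], "unapproved": [], "blocked": []}
    for app in inventory:
        report[classify(app, allowlist, blocklist)].append(app.path)
    return report


if __name__ == "__main__":
    for verdict, paths in audit(INVENTORY).items():
        print(f"{verdict}: {len(paths)}")
        for path in paths:
            print(f"  {path}")
```

On the constructed inventory the audit approves the two allowlisted products, reports the look-alike Flash installer sitting in a user's Temp directory as unapproved, and blocks the toolbar by hash. In a real deployment the inventory would be collected from endpoints (for example by an endpoint agent or a package-manager listing) and the lists maintained by the IT team; the comparison logic stays the same.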