Security Update: Bad Rabbit Ransomware Attack Another ransomware attack is making the rounds and hitting the headlines. Almost two months after the Locky Ransomware variant spread and made headlines worldwide, the latest ransomware bug is called Bad Rabbit, and it is, indeed, bad. The attacks originally targeted Russia and Eastern Europe, but reports are showing it's spreading to other regions, including the U.S. How Does it Work As you may know, ransomware is a form of malware software that encrypts your data and "kidnaps" access to your computer and applications. The perpetrators then request a specified amount of money to be paid in order for you to regain access. This Bad Rabbit ransomware attack works similar to the previous threats, but with a slightly different strategy. It spreads when users visit ransomware-infected websites. A pop-up box appears and the website prompts the user to download an Adobe Flash Player update. If the user downloads it, the ransomware is installed on the user’s computer and starts to encrypt files. The problem with Bad Rabbit is that it looks legitimate at first. The prompt to download the Flash Player update appears to be real, and could be very deceiving for an unsuspecting user. Ransomware attacks like Bad Rabbit are increasingly popular among hackers, as they have primarily shifted away from attacking servers and now focus on end users. In general, end users are typically less technical and have different levels of trust. The FBI expects the ransomware industry to reach $1 billion for cybercriminals this year, and the government reports that more than 4,000 ransomware attacks happen every day. According to a Ponemon Institute report, 56 percent of organizations are not prepared to fight ransomware attacks. What to Do First, beware of any prompts to download a Flash Player update. If you need to run an update, it's recommended to download the latest version directly from the Adobe website. If your organization has been affected by ransomware, consider these four steps recommended by Fortinet: Isolate infected devices immediately by removing them from the network as soon as possible to prevent ransomware from spreading to the network or shared drives. If your network has been infected, immediately disconnect all connected devices. Power-off affected devices that have not been completely corrupted. This may provide time to clean and recover data, contain damage, and prevent conditions from worsening. Contact law enforcement immediately to report any ransomware events and request assistance. You can file a complaint at www.ic3.gov and provide the following information (as stated by the FBI): Date of infection Ransomware variant (identified on the ransom page or by the encrypted file extension) Victim company information (industry type, business size, etc.) How the infection occurred (link in email, browsing the Internet, etc.) Requested ransom amount Actor’s bitcoin wallet address (may be listed on the ransom page) Ransom amount paid (if any, not recommended) Overall losses associated with a ransomware infection (including the ransom amount) Victim impact statement 8 Prevention Tips It’s not enough to simply react. Your organization needs to be proactive with its approaches to Bad Rabbit and other forms of ransomware. Here are eight steps to defend against attacks: Employee awareness: This is important enough to bear repeating, because the number one element to preventing ransomware from invading your devices and network is the human element. Educate your employees on how to identify phishing emails, malware, and ransomware. Continuous education and testing of employees’ understanding through internal phishing campaigns are crucial pieces to the ransomware solution. Back up regularly: As mentioned above, make sure you’re backing up data on a regular basis. Also, it’s a good idea to test your backups often to ensure they are operating as planned and can be efficiently restored. Update and patch regularly: Make patches and updates on your system, software, and firmware frequently. Limit administrative access: Don’t allow employees to have administrative account access. This will restrict what a ransomware attack could potentially infect. Have software restrictions: Prevent ransomware attacks from infiltrating and running common programs with a software restriction policy, or put access controls in place. Eliminate macros: Macros automatically perform frequent tasks, but they can be disabled. Disabling macros will ensure malicious content doesn’t automatically load. Block internet ads: Many third-party ads have some type of malware. It’s best to avoid the risk by disabling all internet ads on devices. Have a plan: Having a plan in place is essential for preparedness. This plan should thoroughly lay out response and solution details should your organization fall victim to an attack. Whether it’s your organization’s network that gets infected or an individual PC, the impact of Bad Rabbit and other forms of ransomware can be devastating. You can permanently lose important and private information, expose critical flaws in your organization, impact your reputation, and potentially lose a lot of money. However, even if you pay the ransom, it doesn’t guarantee that you’ll get the data back. The FBI recommends that you don’t pay the ransom, because it will only encourage cyber criminals and keep ransomware attacks like Bad Rabbit thriving. Is your organization prepared for a ransomware attack? Rob Griffith Rob Griffith is an Account Executive for Aureon, focusing his attention to the Aureon Technology business unit. Over the past 8 years Rob has worked exclusively with small to midsize businesses with an emphasis on the banking vertical. His focus has been helping companies with data center strategy, security and compliance.