Following in the footsteps of WannaCry and Petya, Bad Rabbit is the latest strain of ransomware to create havoc in several countries across the world. The attack is causing computer systems in Russia and around Europe to grind to a halt.
According to Martin Walshaw, senior systems engineer for F5 Networks, the Bad Rabbit infection is not captured by most common anti-virus solutions, which means users could be infected without knowing.
“Initial analysis indicates that the malware script identifies target users and presents them with a bogus Adobe Flash update prompt. When the user accepts this, malware is downloaded and the encryption attack takes place. In the absence of stringent controls and appropriate security solutions, businesses are left in the hands of their users,” he says.
As with many aspects of information security, prevention is better than cure.
Walshaw points out, though, that there is unfortunately no silver bullet to protect against this type of attack.
“The best methods currently available include reliable backups hosted outside of the network and maintaining an up-to-date response plan. In addition, organisations need systems such as SSL to inspect devices.
“It is also important to filter and monitor emails for phishing attacks, clean encrypted traffic that may be hiding malicious software, as well as reduce and restrict full administrative privileges to contain damage from a compromised account,” he says, adding that as ever, all organisations should be ensuring that substantive user training and education takes place on a regular basis.
Mimecast cybersecurity expert Steven Malone comments: “Ransomware season is open again as yet another new strain, dubbed Bad Rabbit, is reported to be spreading fast. Initial analysis shows this to be another variant of ExPetr/Petya, the malware that affected businesses globally just a few months ago and which uses the same SMB flaws to spread laterally once inside a network.
“As businesses in Russia and Ukraine report infections, global companies must look inward and ask themselves: Have I done enough? Did we patch our systems after Petya? Have we shored up our perimeter web and email defenses?
“History tells us the answer to these questions is very likely no, so once again, brace for further widespread outbreaks.”
Kaspersky Lab explains that most of the victims targeted by the latest attacks are located in Russia, although similar but fewer attacks have been seen in Ukraine, Turkey and Germany.
The ransomware infects devices through a number of hacked Russian media websites and appears to have been a targeted attack against corporate networks, using methods similar to those used during the ExPetr attack.
Kaspersky researchers cannot confirm whether it is related to ExPetr, but are continuing with their investigation.