Have you heard of Bad Rabbit?
Get to Know the Fast-Spreading Malware Threat Before It Gets to Know You
Earlier this year, a ransomware variant called Petya spread across North America hitting corporate giants like Merck and FedEx. The virus is so serious that some affected companies were faced with the fact that their data was simply not recoverable. In fact, FedEx and other affected companies faced material financial impact in light of the attack. Merck also experienced financial losses of over $275 million, prompting many businesses to take a second look at cybersecurity insurance strategies.
Petya’s Latest Variant: Bad Rabbit Ransomware Starts Rampage With Hits on Russian & Ukrainian Companies
Business owners took notice when Petya first hit the scene, but there’s good reason for professionals to stay on high alert. Like most malware, Petya has morphed into countless variants over time. The latest potential Petya variant has been dubbed Bad Rabbit and has already affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city of Kiev, according to the BBC. Even worse, Bad Rabbit shows no signs of stopping as it spreads rapidly across Russia, Ukraine, Germany and now into North America.
Touching Down in the US: Bad Rabbit Spreads to North America and Has US Department of Homeland Security Taking Notice
Early Wednesday morning, leading anti-virus security company, Avast, reported that the Bad Rabbit virus had made its way to the US. Though specific breach details are difficult to come by, the US Department of Homeland Security (DHS) issued a warning about Bad Rabbit yesterday stating:
“US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.”
DHS urged individuals and businesses to take notice and be vigilant in the face of this latest malware attack. To combat the threat, DHS is urging IT professionals to review US-CERT Alerts TA16-181A and TA17-132A, each of which describes recent ransomware events.
While cybercriminals can often be hard to track and prosecute, DHS is urging professionals to recognize the importance of making explicit reports in the case of an attack. The organization asked any potential victims of Bad Rabbit to report ransomware incidents to the Internet Crime Complaint Center (IC3) immediately.
So, How Does It Work? Understanding How the Bad Rabbit Virus Moves in and Takes Company Networks Hostage
Bad Rabbit might sound like a goofy cartoon character but the impacts of this ransomware variant are no laughing matter. The Bad Rabbit virus works swiftly to encrypt the contents of a computer and asks for a payment of 0.05 bitcoins, or about $280 (£213), according to recent reports.
The ransomware masquerades as a convincing update for Adobe Flash, and once downloaded it attempts to spread within victims’ networks, according to The Wall Street Journal. In reality, of course, the attacks “do not utilize any legitimate Flash Player updates nor are they associated with any known Adobe product vulnerabilities,” warns an Adobe spokeswoman.
Bad Rabbit in the US: How to Move Faster than the Virus to Protect Your Company’s Data and Continuity
In the face of this looming cyber threat, professionals have one question: how can I protect my business from the Bad Rabbit virus? Cybersecurity professionals across the country have been working to identify concrete ways to prevent the Bad Rabbit virus and help business owners stop the cybercriminals in their tracks. The leading ways to keep your company in the clear are listed below.
Vaccinate your Machines: Early Wednesday morning, a Massachusetts researcher from Cybereason claimed that he has a vaccine to protect customers from Bad Rabbit. Following this short series of fool-proof steps will automatically vaccinate your company’s computers, laptops, and other devices, keeping them safe from Bad Rabbit invasion:
- First, create two files: C:\Windows\infpub.dat and C:\Windows\cscc.dat.
- Then, go into each file’s properties and remove all permissions from both files. When doing this, remove the inheritance so the files do not inherit the permissions of the C:\Windows folder.
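The two steps above can be scripted so they are applied the same way on every machine. The following PowerShell is an added example, not code from Cybereason or from the original post; it assumes an elevated prompt and only uses the two file paths named in the steps.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Paths are the two vaccine files named in the steps above.
$vaccineFiles = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

foreach ($path in $vaccineFiles) {
    # Step 1: create an empty placeholder if the file is not there yet.
    # A file that already exists is left in place and only locked down.
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -ItemType File -Path $path | Out-Null
    }

    # Step 2: disable inheritance without copying the inherited entries,
    # then strip any explicit entries, leaving an empty access list.
    $acl = Get-Acl -LiteralPath $path
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($rule)
    }
    Set-Acl -LiteralPath $path -AclObject $acl

    # Verify: inheritance must be off and no access entries may remain.
    $check = Get-Acl -LiteralPath $path
    [pscustomobject]@{
        Path                = $path
        InheritanceDisabled = $check.AreAccessRulesProtected
        RemainingEntries    = @($check.Access).Count
    }
}
```

A correctly vaccinated machine reports `InheritanceDisabled` as `True` and `RemainingEntries` as `0` for both files.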
Monitor your Event Logs: Microsoft has also been working diligently to issue threat reports regarding Bad Rabbit. They refer to Bad Rabbit as Ransom:Win32/Tibbar.A and state that Windows Defender can detect the ransomware using detection updates 255.29.0 and higher. So, the first step is ensuring the latest Defender updates have been installed on all your company machines.
Next, Microsoft states that since Bad Rabbit will clear the event logs and create various scheduled tasks under the names Drogon, Rhaegal and Viserion, business owners can monitor their event logs to proactively detect this type of malicious activity.
The key events that business owners should be looking for include:
- Event 1102 – this indicates that the audit log has been cleared
- Event 106 – this indicates that a scheduled task has been created.
System administrators can then attach a scheduled task to these events that will run a specified command if the events are detected. This command, for example, could send an email or alert to an administrator. If these events are detected proactively, they could offer an indication that the computer has been scheduled for a shutdown. Microsoft suggests business owners can then abort this process by using the shutdown -a command.
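A hunt for the two events described above, written as an added example (not Microsoft's code or part of the original post). The 24-hour look-back window and the variable names are assumptions; the event IDs, task names and the `shutdown -a` step come from the text.

```powershell
# Added example. Run elevated: reading the Security log needs administrator rights.
$since     = (Get-Date).AddHours(-24)       # assumed look-back window
$taskNames = 'drogon|rhaegal|viserion'      # task names listed in the article

# Event 1102: the audit (Security) log was cleared.
$cleared = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 1102; StartTime = $since
    } -ErrorAction SilentlyContinue)

# Event 106: a scheduled task was registered. It is only recorded when
# Task Scheduler history (the Operational log) is enabled on the machine.
$tasks = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-TaskScheduler/Operational'; Id = 106; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $taskNames })

$hits = $cleared + $tasks
if ($hits.Count -eq 0) {
    Write-Output "No log-clear or Bad Rabbit task events since $since."
}
else {
    # Show what was found, oldest first, with the first line of each message.
    $hits | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LogName,
            @{ Name = 'Detail'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap

    # A matching task suggests a shutdown may have been scheduled:
    # abort it as the article describes. Harmless if none is pending.
    if ($tasks.Count -gt 0) {
        shutdown.exe -a
    }
}
```

Saved as a script, this is the kind of command an event-triggered scheduled task could run, with the table output replaced by the alerting mechanism already in use.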
Reach out to Local IT Experts for Guidance and Support: When threatening and complicated reports of ransomware hit the news waves, it can understandably leave business owners feeling paralyzed – unsure of how to best implement strategies for prevention and protection. That’s where IT experts come in. Managed IT providers have the experience and resources necessary to help educate you and your staff members and reduce your chances of having data held hostage.
Although most IT providers are committed to providing information and resources that empower business owners to protect themselves, professionals should never have to face overwhelming cyber threats alone. Sometimes reaching out for support is the best way to protect your business and restore peace of mind.
If you’re worried about Bad Rabbit and its ability to take hold of your critical business data, and you’re not sure how best to protect your business, reach out to IT experts for proactive cybersecurity support. Whatever you do, don’t wait to fall down the rabbit hole.