What We Can Learn from Bad Rabbit – the Latest Ransomware Outbreak
Last week, the third major ransomware outbreak of 2017 spread through Eastern Europe and even started to creep further across the globe. Striking Russia and Ukraine the hardest so far, Bad Rabbit has disrupted industries ranging from media outlets to banks. Some reports even have the attack showing up right here in the U.S.
Similar to the Petya/NotPetya ransomware outbreak earlier this year (so similar in fact that Bad Rabbit reportedly shares 2/3 of its code with variants of Petya), this ransomware encrypts a system, requests a ransom (the current rate is about $285 in bitcoin) to decrypt the victim’s files, and then attempts to spread itself across the network.
With ransomware and cyberattacks commonplace in today’s world, what takeaways can come out of the Bad Rabbit outbreak to help prevent these types of attacks from derailing your organization?
What We Can Learn from the Bad Rabbit Outbreak
Cybersecurity Training for Employees is Critical
Bad Rabbit initially tricks users into downloading and installing it by posing as an Adobe Flash update on compromised websites. From there, Bad Rabbit encrypts files, schedules tasks, propagates across networks, and does other dirty work. With a proper employee cybersecurity training program in place, your employees would be better prepared to deal with unprompted installation requests like the one Bad Rabbit employs.
When you consider that 25% of data breaches are caused by employee mistakes (like downloading a malicious application), having a comprehensive training program can help protect your organization from not just ransomware but phishing attacks as well.
We’ve found that online, fully interactive security awareness training that explores the entire threat landscape along with simulated attacks can be a good starting point. Not currently offering a training program at your organization? Let’s talk about how to get you a more cyber-aware workforce and better protection from future threats.
Keep Your Systems Patched and Up to Date
Even though Bad Rabbit is initially downloaded with human assistance, it then leverages an exploit for a previously patched vulnerability to further its malicious purpose. Though it didn’t leverage the EternalBlue exploit like previous ransomware outbreaks WannaCry and Petya/NotPetya, it did take advantage of another reportedly leaked exploit called “EternalRomance”.
According to reports, this vulnerability was patched by Microsoft back in June 2017. If you were unfortunate enough to find Bad Rabbit on your network, having this patch applied to your applicable systems would’ve potentially prevented it from propagating further.
Similarly, keeping your anti-malware and anti-virus protection up to date is important to prevention as well. Several vendors have said their products are now protecting against Bad Rabbit, and products like Cisco Advanced Malware Protection (AMP) can also help protect your organization as a part of a multi-layered approach to cybersecurity.
As with WannaCry and Petya/NotPetya earlier this year, keeping your systems up to date can help mitigate potential damage caused by these kinds of attacks. Unsure of where all the gaps and vulnerabilities exist in your network? We can help you not only find your vulnerabilities but also give you an action plan on how to address them.
Consider Employing a Business Continuity Solution
In the unfortunate event you were one of the companies hit by Bad Rabbit and had your data encrypted, you likely weren’t left in the best position – especially if you didn’t have a business continuity or backup solution in place. Even if you had backups available, traditional backups may take a while to fully restore all the data you’ve effectively lost. That downtime during restores can result in a sizable cost to your business.
That’s where a robust business continuity solution can really shine. Unlike traditional backup, a business continuity solution could have your data restored and usable in a matter of days or hours rather than days or weeks. Specifically, some Business Continuity-Disaster Recovery-as-a-Service (BCDRaaS) solutions like the one offered by Kelser can shorten that recovery to a matter of minutes in many cases.
Taking it a step further, Kelser’s BCDRaaS offering can even detect the footprint of ransomware-like activity in your environment proactively and alert you to its presence. Though in this case it may serve best as another layer in a multi-layered approach, a business continuity solution can be a saving grace in the event you suffer a data disaster (or a disaster of any kind). Check out our Recovery Time (RTO) & Downtime Cost Calculator to evaluate your recovery process and see what downtime could cost you in real dollars.
It’s Important to Get Started Improving Your Cybersecurity
As cybersecurity experts, we understand that the ever-looming threat of ransomware and mounting a thorough defense against it can feel overwhelming. That’s why we’re here to help you harden your defenses, establish a reliable business continuity or backup plan, strengthen your cybersecurity posture, and keep your business running even in the event of a disaster. As allies of your IT department, we’re happy to work in whatever capacity fits your needs. Whether it’s for added horsepower or taking entire troublesome challenges off your plate – we’re here to free up your organization to do what you do best.