Earlier this week, reports began surfacing about a new variant of ransomware called Bad Rabbit. It is infecting computers mostly in Europe, but news of the malware is coming from other countries as well. This ransomware is a variant of the NotPetya ransomware attack that took place earlier this year, except that this new attack uses what’s known as a watering hole attack, an exploitation method targeted at a specific group of users.

How Bad Rabbit Targets Users

In this case the specific target group is anyone who uses Adobe Flash on their computer or device. The attack takes place when users visit an infected website. The site flashes a pop-up message that recommends an update to Adobe Flash, like the one shown below.

Bad Rabbit is a strain of ransomware affecting businesses mostly in Russia and the Ukraine.

Because Adobe Flash is a common program, the attack surface has the potential to be very large, but the attack appears to have been caught early enough that most of the damage is so far centered around Russia, the Ukraine, and other countries around the world. Still, Bad Rabbit has the potential to affect the computer systems and devices of SMBs here in the U.S., and the best defense is knowledge.

How It Works

When the user clicks the Install button to update Adobe Flash, an executable file is installed to the hard drive. It then begins to encrypt files and spread across the network. Once all the files on a computer are encrypted, a ransomware message like the one below appears, and users must pay the ransom to have their files decrypted. The ransom, which is requested in bitcoin, a digital currency, is around $280 (U.S.) per infected computer.

The Bad Rabbit ransomware encrypts computer files and requires a Bitcoin ransom payment for the release of those files. Source: WeLiveSecurity.com

If users are infected by this ransomware, their only option is to restore their files from a clean backup or pay the ransom. We recommend that users never pay the ransom. It is not a guarantee that your files will be restored. Restoring your data from a clean, recoverable copy is a more effective method of ensuring that your systems are back up and running, and ransomware-free, as quickly as possible.

Know You’re Protected

The best way to know your SMB is protected from ransomware like Bad Rabbit is to have a fully developed, documented security plan. In the absence of such a plan, partnering with an MSP that offers SMB-focused security solutions ensures your company can withstand ransomware attacks, malware, and other security threats. Advanced Network Solutions provides layers of protection to mitigate these sorts of attacks for our customers:

  • Regular maintenance ensures client operating systems are regularly updated and patched
  • Antivirus/anti-malware software is running on both end user computers and servers. This software is updated multiple times throughout the day
  • Monitored firewalls inspect traffic coming from the internet utilizing definitions that are updated multiple times daily
  • Spam filtering inspects all incoming and outgoing messages for malicious activity
  • Encryption ensures your data is safe at rest and in transit
  • Data backup and recovery is available to ensure clients can recover from any disaster in under an hour, with complete data intact.

Our antivirus vendor has assured us that their product stops Bad Rabbit, but we want to remind everyone to remain vigilant. Diligence when using technology both at home and in the office is essential to remaining protected against ransomware threats like this one and other types of malware that could damage your systems or compromise sensitive data.