Bad Rabbit ransomware impact not yet known, say PwC Cyber experts
A wave of Bad Rabbit ransomware attacks have been taking place across Europe since Tuesday, 24 October.
The ransomware appeared first in Russia, but has since spread to Turkey, Germany and Ukraine. Initial attacks were carried out on Ukraine's Ministry of Infrastructure and the Kiev Public Transport System. The attack is targeted towards corporate networks, with a notable focus on media outlets. Russian media outlets such as Interfax and Fontanka.ru were hit by the ransomware.
Computers infected with the malware direct users to a TOR (The Onion Router) domain where they are asked to pay 0.05 bitcoin (around €240) in exchange for the return of their data. A countdown is initiated that will cause the ransom price to increase if the payment is not made. It has not yet been confirmed whether Bad Rabbit actually collects the ransom and decrypts the data.
Pat Moran, PwC Cyber Leader said: “Bad Rabbit, which remains undetected by the majority of anti-virus programs, is similar to the Petya attack carried out earlier this year. However, unlike Petya, Bad Rabbit is not a wiper. It is a drive-by attack which requires the victim to download a fake Adobe Flash installer from an infected website and manually launch the .exe file. To operate correctly, it needs elevated administrative privileges which it attempts to obtain using the standard User Account Control (UAC) to prompt a user for administrator credentials. It is not yet known whether it is possible to get back files that have been encrypted by Bad Rabbit.”
Strategic recommendations
Leonard McAuliffe, Director, PwC Cyber Practice, said: “Ransomware is an increasingly prevalent threat, with a rising number of variants designed to target corporate networks. In spite of this scourge, there are many pragmatic steps which organisations can take to reduce the likelihood of incidents, limit their impact when one does occur, and to recover swiftly and effectively.”
These span several aspects of IT operations and security and primarily relate to:
Strong security hygiene policies and user awareness
Preventing ransomware from entering your IT environment through the most common delivery vector, phishing, by enforcing strong controls at your email gateways and network perimeters, and developing vigilant employees through robust awareness campaigns.
With regard to Bad Rabbit specifically, you should always ensure that end user accounts do not have administrator privileges to install software downloaded from websites. You should also ensure that nefarious websites which may be compromised with malware are blocked to reduce the risk exposure.
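The two host-level checks behind this recommendation can be scripted. The PowerShell below is an added example and is not code from the article or from PwC: it lists every member of the local Administrators group that is not on an allow list you maintain (the group and account names in $AllowedAdmins are placeholders), and it reads the UAC policy keys to report whether standard users are denied elevation outright or are still prompted for administrator credentials, which is the prompt the fake Flash installer relies on. Website blocking is a gateway or proxy control and is not covered here. It assumes Windows 10 / Server 2016 or later, where the Microsoft.PowerShell.LocalAccounts module is available.

```powershell
# Added example (not from the article): audit local admin membership and the
# UAC elevation policy on one Windows host. Run in an elevated PowerShell.

# ASSUMPTION: placeholder allow list; replace with the principals that are
# legitimately permitted to hold local administrator rights in your estate.
$AllowedAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    'CONTOSO\Workstation Admins'       # placeholder domain group name
)

function Get-UnexpectedLocalAdmins {
    param([string[]]$Allowed = $AllowedAdmins)
    # Get-LocalGroupMember returns names as MACHINE\user or DOMAIN\group;
    # -notcontains compares case-insensitively.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Allowed -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-UacElevationPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    # ConsentPromptBehaviorUser controls "Behavior of the elevation prompt for
    # standard users": 0 = automatically deny, 1 = prompt for credentials on the
    # secure desktop, 3 = prompt for credentials (the default). Only 0 stops a
    # standard user from typing admin credentials into an installer's prompt.
    $mode = switch ($p.ConsentPromptBehaviorUser) {
        0       { 'AutoDeny' }
        1       { 'PromptSecureDesktop' }
        3       { 'PromptCredentials' }
        default { "Unknown($($p.ConsentPromptBehaviorUser))" }
    }

    [pscustomobject]@{
        # EnableLUA = 1 means UAC is on; 0 means every process gets the full token.
        UacEnabled            = ($p.EnableLUA -eq 1)
        StandardUserElevation = $mode
    }
}

# --- report ---------------------------------------------------------------
$extraAdmins = Get-UnexpectedLocalAdmins
if ($extraAdmins) {
    Write-Warning 'Accounts with local admin rights outside the allow list:'
    $extraAdmins | Format-Table -AutoSize
} else {
    Write-Output 'Local Administrators group matches the allow list.'
}

$uac = Get-UacElevationPolicy
$uac | Format-List
if (-not $uac.UacEnabled) {
    Write-Warning 'UAC is disabled on this host.'
}
if ($uac.StandardUserElevation -ne 'AutoDeny') {
    Write-Warning 'Standard users can still be prompted for admin credentials; consider setting ConsentPromptBehaviorUser to 0 via Group Policy.'
}
```

Running this across a fleet (for example through a scheduled task or a configuration-management job that collects the output) turns the recommendation into a measurable control: any host that reports unexpected administrators or a prompt-for-credentials UAC mode is one where a user could still complete the installer's elevation step.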
Robust business continuity planning and exercising
Ensuring that individual user systems and key servers can be restored rapidly from backups, and that the frequency of backups aligns to the timeframe of data your organisation is prepared to lose in the event of any system being rendered unusable.
Crisis and incident response planning and exercising
Ensuring that there are formal procedures in which employees and those responsible for the management of high-priority incidents are well versed, to streamline the organisation’s reaction to ransomware events and its ability to restore service to employees and customers.
Rigorous patch and vulnerability management
The vulnerabilities exploited in this attack have already been addressed via Microsoft ‘critical’ patches released in March, as well as this week, and a robust vulnerability management programme will help reduce the likelihood of exploitation.