You may have heard about the recent outbreak of ransomware known as Bad Rabbit. This variant of Petya, another of the Cryptolocker ransomware viruses, is currently spreading in Russia and Eastern Europe. While it has not yet hit the United States in a big way, it is always better to be aware of these attacks ahead of time. Centrality’s Director of IT, Joseph Conklin, provides input on the ransomware and how to prevent it from affecting your business.
Here are some basic facts about Bad Rabbit:
- It is a ransomware variant. This means that it will find common data files – including all Microsoft Office documents, spreadsheets, PowerPoint presentations, etc. – and encrypt them with a strong key that you cannot break unless you agree to pay the “ransom” in Bitcoin. Besides being expensive and putting money into the hands of criminals, paying is a complicated transaction that can take days to complete. If you are infected and your data is encrypted, your best bet is to have a reliable recent backup to restore from.
- Bad Rabbit has to be manually downloaded and installed via a fake Flash update. If antivirus software catches the executable at any stage, or if the user simply doesn’t install it, then it can’t do any harm. Basically, a user will be taken to a website that states that Flash is outdated and that, in order to view the content on the page, they need to run the update. Clicking the update link will download the file install_flash_player.exe, and at that point, the machine is infected. It may also arrive as part of a phishing email. The method of protection here is simply this: Don’t click on anything you don’t trust!
- Several antivirus products claim to protect against Bad Rabbit, including Bitdefender, which is the engine behind Centrality’s Managed Antivirus offering.
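As an added illustration (not part of the original article or any Centrality tooling), the delivery method described above can be turned into a simple detection over process-creation logs: flag any run of install_flash_player.exe, and rank it higher when it starts from a user download or temp directory with a browser as the parent. The event field names, directory list, browser list and sample events are assumptions constructed for this example.

```python
import json
import ntpath  # parses Windows paths on any OS

# The filename comes from the article; directories and browser list are assumptions.
LURE_NAME = "install_flash_player.exe"
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}

# Constructed sample events, one JSON object per line (hypothetical field names).
SAMPLE_EVENTS = r"""
{"host": "PC-014", "user": "alice", "image": "C:\\Users\\alice\\Downloads\\install_flash_player.exe", "parent": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}
{"host": "PC-020", "user": "bob", "image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE", "parent": "C:\\Windows\\explorer.exe"}
{"host": "PC-031", "user": "carol", "image": "C:\\Users\\carol\\AppData\\Local\\Temp\\Install_Flash_Player.EXE", "parent": "C:\\Windows\\explorer.exe"}
this line is not JSON and must be skipped
{"host": "PC-044", "user": "dave", "image": "D:\\tools\\install_flash_player.exe", "parent": "C:\\Windows\\System32\\cmd.exe"}
"""


def classify(event):
    """Return 'high', 'medium', 'low', or None when the event is not the lure."""
    image = event.get("image", "").lower()
    if ntpath.basename(image) != LURE_NAME:
        return None
    from_user_dir = any(part in image for part in USER_WRITABLE)
    from_browser = ntpath.basename(event.get("parent", "").lower()) in BROWSERS
    if from_user_dir and from_browser:
        return "high"    # downloaded and launched straight from the browser
    if from_user_dir:
        return "medium"  # run from a download/temp location by other means
    return "low"         # name matches, location does not fit the pattern


def find_lure_executions(log_text):
    """Scan JSON-lines process events and return (host, user, severity) alerts."""
    alerts = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if not isinstance(event, dict):
            continue
        severity = classify(event)
        if severity:
            alerts.append((event.get("host"), event.get("user"), severity))
    return alerts


if __name__ == "__main__":
    for alert in find_lure_executions(SAMPLE_EVENTS):
        print(alert)
```

A filename match alone is weak evidence, since a renamed file would not be caught, so this kind of check complements antivirus and patching rather than replacing them.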
Methods of Prevention
Ensure your machines, both PCs and servers, are patched. To prevent Bad Rabbit spreading through your network, you need to be sure that all the latest Windows Security Bulletins have been installed. Bad Rabbit’s means of spreading through network shares should have been taken care of through Windows patching.
If your network is protected by any of Centrality’s Managed Services offerings, including Managed Antivirus and Managed Windows Patching, the threat at the desktop is very much reduced. For the periphery of the network, our Barracuda NextGen Firewall with Advanced Threat Protection includes several features that do not even allow the threat to reach the desktop. This layered security approach, combined with ongoing preventative maintenance, is designed to minimize these types of threats. For protection of your Exchange Online – Office 365 email accounts, our MSP Essentials offering is a relatively inexpensive add-on license. And if Bad Rabbit, or any virus, does infect your network, again, a reliable and recent backup such as our Managed Backup and Cloud Backup will enable your data to be restored with minimal loss, downtime and interruption to your business continuity.
Any combination of these security solutions will reduce the odds of any threat. Of course, nothing is 100% guaranteed. User education is also very important, and your users should know when “not to click.” If you have any doubts about your users’ awareness of phishing scams in emails, we also offer Cyber Security Awareness Training. This will tell you who on your network is clicking on emails they shouldn’t. In addition, it also provides training videos for user education to keep your staff informed of best practices.