Much like a flu outbreak that greets the beginning of fall, there is a new ransomware attack spreading throughout the globe.
Bad Rabbit is a ransomware variant that was discovered this week to be infecting systems in a way very similar to WannaCry and Petya. Operating in very much the same way as those attacks from earlier this year, Bad Rabbit appears to be using much of the same code used by Petya/NotPetya. In this case, however, the nefarious code spreads via a fake Flash update targeted at corporate environments. A pop-up appears requesting that the user update Flash, and interacting with it triggers a ransom demand of 0.05 bitcoin (roughly equivalent to $285), payable on a dedicated Tor payment page that includes a timer. If the ransom isn’t paid within the allotted time, the payment increases.
The attack appears to be primarily centered in Russia and Eastern Europe, but reports indicate it has been detected as far away as South Korea. The overall number of those affected is not yet known, but the attack has hit some big targets like the Odessa International Airport and the Kiev Metro system.
It will be interesting to do an autopsy once this passes. Considering the similarities between Petya and Bad Rabbit, one has to wonder if the market for malicious code is growing. If so, and it’s not a stretch to see why, ransomware will become an even more stressful part of the CIO’s concerns.
CIOs and CISOs are going to need ways to stop bad code from entering their networks, and to isolate it and shut it down if it does. If an organization does get hacked, a clear process for incident response and remediation is critical. Identification is the first and most critical step, and enterprises need continuous awareness of what’s happening so that when a risk approaches, it can be identified and managed. Know the activity in your environment, and you can control it.
Ransomware isn’t going away, unfortunately, but those who are prepared can avoid the negative repercussions that quickly spread and do damage.