Here we go again. And I'm not talking about that rascally rabbit Bugs Bunny acting up.
On Tuesday, a new strain of ransomware named Bad Rabbit appeared in Russia and Ukraine and spread throughout the day. It was first found after attacking Russian media outlets and large organizations in Ukraine, and then found its way into Western Europe and the United States.
The initial installer masquerades as an Adobe Flash update, but the malware is believed to be an updated version of NotPetya, since the infection chain and component usage are identical. Interestingly, this malware contains a list of hardcoded Windows credentials, most likely to brute-force entry into devices on the network.
According to SonicWall Capture Labs Threat researchers, Bad Rabbit spreads using the SMB protocol within Windows. We should think of it as a bug-fix maintenance release of NotPetya. The purpose of using the SMB protocol is to spread laterally across an organization.
Beyond showing us that big companies are still vulnerable to getting hit, the scary part is that this time the attackers are looking to wreak havoc rather than simply hold your data hostage.
So what does this all mean?
It's just another reminder of the importance of your business having an appropriate security posture, one that goes above and beyond what is needed just for compliance's sake. It means taking real and meaningful steps to secure and protect your systems and data.
What are the practical steps you should be taking?
- Implement a solid backup and disaster recovery solution
- Implement an ongoing user security awareness training program!
- Ensure all endpoints are secure with a managed antivirus program
- Ensure your network edge is secured with a managed firewall program
- Ensure your users are protected with an Internet Threat Protection layer (like Cisco Umbrella)
- Control what programs are allowed to run on your firm's computers (i.e., privilege management)
On top of this, here are a couple of other measures that would add another robust layer of protection:
- Implement dual-factor authentication for your network
- Implement cyber security intrusion monitoring
For some related thoughts, check out a couple of our more recent blogs:
- My Network's Secure, Right?
- 8 Ways to Protect Your Network Against Ransomware
- Hands Down the Best Cyber Security Investment
- The Cliff Notes of ESET's Small Business Cybersecurity Survival Guide and Datto's Ransomware Report
- The Cliff Notes of Verizon's 2017 Data Breach Report
However, fear not - if you're currently an FPA Managed Service client and you're fully on our "FPA Stack", then you've set yourself up for success with a strong foundation to protect against this latest attack.