Beware the Bad Rabbit (The Latest Rascally Ransomware)

Author: Craig Pollack Date: Oct 25, 2017 Topics: Cybersecurity


Here we go again. And I'm not talking about that rascally rabbit Bugs Bunny acting up.

On Tuesday, a new strain of ransomware named Bad Rabbit appeared in Russia and the Ukraine and spread throughout the day. It was first spotted attacking Russian media outlets and large organizations in the Ukraine, and then found its way into Western Europe and the United States.

The initial installer masquerades as an Adobe Flash update, but the malware is believed to be an updated version of NotPetya, since the infection chain and the components it uses are identical. Interestingly, this malware carries a list of hardcoded Windows credentials, most likely so it can brute-force its way onto other devices on the network.

According to SonicWall Capture Labs threat researchers, Bad Rabbit spreads using the Windows SMB protocol, and we should think of it as a bug-fix maintenance release of NotPetya. The purpose of using SMB is to spread laterally across an organization once a single machine is infected.
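As an added illustration that is not part of the original post, here is one defensive check that follows from that behaviour: a piece of malware walking a hardcoded credential list against its neighbours over SMB shows up in Windows Security logs as one source host failing network logons (Event ID 4625, logon type 3) with many different usernames against several hosts within seconds. The sample events below are constructed, and the thresholds are assumptions to tune against your own environment.

```python
"""Flag hosts that try many usernames against many machines in a short window."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed network logons (what a SIEM would export from
# Event ID 4625 / logon type 3), reduced to the fields the check needs.
# Tuples are (timestamp, source host, target host, account name).
SAMPLE_EVENTS = [
    ("2017-10-24T10:00:01", "WS-17", "FILESRV01", "Administrator"),
    ("2017-10-24T10:00:02", "WS-17", "FILESRV01", "admin"),
    ("2017-10-24T10:00:02", "WS-17", "FILESRV01", "user"),
    ("2017-10-24T10:00:03", "WS-17", "FILESRV01", "guest"),
    ("2017-10-24T10:00:03", "WS-17", "FILESRV01", "backup"),
    ("2017-10-24T10:00:04", "WS-17", "ACCT-PC", "Administrator"),
    ("2017-10-24T10:00:05", "WS-17", "ACCT-PC", "admin"),
    ("2017-10-24T10:00:05", "WS-17", "ACCT-PC", "user"),
    ("2017-10-24T10:00:06", "WS-17", "ACCT-PC", "guest"),
    ("2017-10-24T10:00:06", "WS-17", "ACCT-PC", "backup"),
    ("2017-10-24T10:05:00", "WS-03", "FILESRV01", "jsmith"),  # benign typo
    ("2017-10-24T10:05:09", "WS-03", "FILESRV01", "jsmith"),
]


def find_sprayers(events, window=timedelta(seconds=60),
                  min_accounts=4, min_targets=2):
    """Return {source: {"accounts": n, "targets": m}} for every source host
    whose failed network logons inside `window` used at least `min_accounts`
    distinct usernames against at least `min_targets` distinct hosts.
    A credential-list brute force produces this shape; a user mistyping
    one password against one server does not."""
    by_source = defaultdict(list)
    for ts, src, dst, acct in events:
        by_source[src].append((datetime.fromisoformat(ts), dst, acct))
    hits = {}
    for src, evs in by_source.items():
        evs.sort()  # chronological; lets each event open a sliding window
        for i, (start, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            accounts = {a for _, _, a in in_window}
            targets = {t for _, t, _ in in_window}
            if len(accounts) >= min_accounts and len(targets) >= min_targets:
                hits[src] = {"accounts": len(accounts), "targets": len(targets)}
                break  # one alert per source is enough
    return hits


if __name__ == "__main__":
    for host, stats in find_sprayers(SAMPLE_EVENTS).items():
        print(f"possible credential spraying from {host}: {stats}")
```

Successful logons (Event ID 4624) from the same source in the same window are the follow-on signal worth correlating, because that is the moment the list worked.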

Beyond what big companies still getting hit tells us about how exposed organizations remain, the scary part is that this time the attackers appear to be looking to wreak havoc rather than simply hold your data hostage.

So what does this all mean?

It's just another reminder of how important it is for your business to have the appropriate security posture, above and beyond what compliance alone requires. It means taking real and meaningful steps to secure and protect your systems and data.

So what are the practical steps you should be taking?

  1. Implement a solid backup and disaster recovery solution
  2. Implement an ongoing user security awareness training program!
  3. Ensure all endpoints are secure with a managed Anti-virus program
  4. Ensure your network edge is secured with a managed firewall program
  5. Ensure your users are protected with an Internet Threat Protection layer (like Cisco Umbrella)
  6. Control what programs are allowed to run on your firm's computers (i.e. privilege management)

On top of this, here are a couple of additions that would add another robust layer of protection:

  1. Implement dual-factor authentication for your network
  2. Implement cyber security intrusion monitoring


However, fear not: if you're currently an FPA Managed Service client and you're fully on our "FPA Stack", then you've set yourself up for success with a strong foundation to protect against this latest attack.

What do you think? Has this info been helpful? Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.



Craig Pollack


Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.