This ransomware is no longer being distributed, so you’re unlikely to be hit by it unless a new variant comes about, or the associated infrastructure fires back up. Yet it’s still hitting headlines. Why? For one, Bad Rabbit was much more sophisticated in its branding, aesthetics, and use of quirky references than most ransomware attacks we see day-to-day. What’s more, ransomware is big news and media outlets like to ride the bandwagon as far as it will take them, even to the extent of spreading fear and misinformation that only serve the attackers’ interests – making their attacks seem much bigger and more effective than they really are. However, ransomware is still prevalent, virulent and on the rise. Bad Rabbit’s use of the embedded EternalRomance exploit goes to show how attackers are constantly evolving their tradecraft. That being said, at its heart Bad Rabbit is just another one of the many variants of ransomware we see daily and should be defended against just like every other ransomware threat.
Don’t panic
Scaremongering and alarmist news coverage just empowers attackers and creates a culture of fear. You can always come to us for information and advice.
Whilst ransomware is a huge threat, it’s just one of many that businesses face. With increasingly sophisticated (sometimes state-sponsored) threat groups able to run hugely advanced, targeted, stealthy attacks, the biggest threats to your business are the ones you’ll never hear about.
Investing in a specialist managed detection and response service (MDR) is the best way to stay safe and informed. Learn more about MDR and why threat hunting is the cornerstone of our approach.
What can we learn from Bad Rabbit?
- The response from the security industry was much more measured and factual than the reports from many national newspapers; with a constant stream of updates from researchers tearing the sample apart to understand its true capabilities. It was also much more methodical and timely than previous outbreaks, demonstrating lessons learned and illustrating that security professionals should always be the first point of call for updates – rather than the media.
- Bad Rabbit shared a number of similarities to the NotPetya outbreak in June, although it only utilized the embedded EternalBlue exploit, while NotPetya used EternalBlue and EternalRomance – both are patched under MS17-010. Organizations have had plenty of time and reason to apply these patches or implement alternative controls, and hence should be immune to this vector.
- Given the increase in the popularity of ransomware, organizations need suitable controls in place to defend against it. Detection is simply not enough, and preventative measures such as managed ransomware detection (e.g. Countercept’s Ransomflare) should be provisioned.
- Bad Rabbit was spread via a very convincing prompt to download Adobe’s Flash. Always download software from a verified source and don’t just click a pop-up prompt. If you don’t already, then it’s a good idea to follow this principle routinely. You can avoid a lot of phishing attempts by always logging into your accounts independently to make changes or check transactions, rather than clicking through from emails or entering passwords into pop-ups.
Categories