The Threat

Ransomware is a type of malicious software that carries out a cyber extortion attack using crypto-virology that blocks access to data and displays a message requesting payment to unlock it. Simple Ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer’s Master File Table (MFT) or the entire hard drive.  From the hacker’s viewpoint ransomware is a numbers game, even if only a small percent of the wave of thousands of targeted users they potentially infect pay the ransom, it is still a very lucrative venture.

Well, there’s now another wave of new ransomware nicknamed “Bad Rabbit” which presently hitting Russia, Ukraine and spreading across Eastern Europe. It’s expected that it could come to the US. Among the early victims of the attacks, was Russia’s Interfax news agency which revealed that a number of its servers were taken offline by Bad Rabbit. The Ukranian version of Computer Emergency Readiness Team issued an advisory for the potential of widespread ransomware attacks. Among the infrastructure attacked in Ukraine by Bad Rabbit is the Kiev Metro and the Odessa airport. The name Bad Rabbit comes from the title of the ransomware page that exploited users are directed to after being infected by the ransomware.

Prevention / Protection

Here are some best practices or processes can you put in place to protect you, your home and your office from Bad Rabbit Ransomware attacks.

1. Take Regular Backups

Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device such as an external USB hard drive and stored in a safe place, unconnected from your computers when not being used.

Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements, (backdoors/malicious scripts.)

2. Beware of SPAM & Unsolicited Emails

Don’t open any attachments in unsolicited emails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited email, even if the link seems benevolent. In cases of genuine URLs close out the emails and go to the organizations website directly through browser.

3. Disable Macros

Disable macros in Microsoft Office products. Most MS Office products allow for the disabling of macros that originate from outside of an organization and can provide a hybrid attack approach when the organization depends on the legitimate use of macros. For Windows and Microsoft Office, specific settings can be implemented to block macros originating from the Internet from running.

 4. Restrict Access Privileges

Configure access controls including file, directory, and network share permissions with lowest workable privilege level in mind. If user only needs to read specific files, they should not have write access to those files, directories, or shares.

 5. Update Anti-Virus Software

Always keep your antivirus software up to date on all systems. There is NO EXCUSE to not have current antivirus software installed on all of your computer systems and smartphones.  Please check out our blog article on Free Anti-Virus Software.

6. Block Malicious File Types

Block the attachments of potentially malicious or suspicious file types that have the following extensions: exe, pif, tmp, url, vb, vbe, scr, reg, cer, pst, cmd, com, bat, dll, dat, hlp, hta, js, wsf.

7. Update Operating System

Keep your operating systems and third party applications (MS Office, browsers, browser plugins) up-to-date with the latest security patches and upgrades.

8. Stay Safe While Browsing the Web

 Follow safe practices when browsing the web. Ensure all the web browsers are secured enough with appropriate content controls.

9. Disable Remote Connections

Disable Remote Desktop Connections and employ least-privileged accounts.

10. Enable Firewalls

Enable personal firewalls on all workstations and servers. Ensure that your firewall has been enabled with anti-spoofing filters and user and management permission rules.

Should you have any questions on the above or need assistance implementing these best practices and avoid the potential threat of ransomware, Intellinet Services can help! Intellinet will review your network and systems and implement or demonstrate how to avoid ransomware attacks using these easy implement best computer practices.