How can I protect myself against Bad Rabbit?

By: Christine Fettinger

A new ransomware attack dubbed Bad Rabbit began hitting organizations in Russia and Eastern Europe on October 24. The ransomware hit Russian media outlets, the Kiev metro system and Ukraine’s Odessa International Airport.

How can I protect myself against Bad Rabbit?

Luckily, Bad Rabbit is not that difficult to protect yourself against. The ransomware is spread by clicking ‘Install’ on a fake Flash Player update on compromised websites. If you are prompted for a Flash update, get it only from a website you trust, such as Adobe’s. Most of the infected websites were based in Russia, Bulgaria and Turkey, although at least one was an American site.

Some security products, including Kaspersky and ESET, claim to protect against Bad Rabbit. SonicWALL’s Capture Advanced Threat Protection sandboxing service successfully stopped three different sample Bad Rabbit attacks. It is best to double-check that your antivirus software can protect against it.

It is also possible to block Bad Rabbit from executing its code, because the files the ransomware uses are known. According to Kaspersky Lab, users can block execution of the files ‘c:\windows\infpub.dat’ and ‘C:\Windows\cscc.dat’ to prevent infection.
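One way to apply this file-blocking advice on a single Windows machine, shown as an added example that is not from the original article or from Kaspersky Lab. It assumes that an empty placeholder file with no access permissions at each path is an acceptable way to block the files, and it uses the built-in icacls tool from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: put an empty, inaccessible placeholder at each path named above
# so that nothing can later write to or run a file at that location.

$paths = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        if ($item.Length -gt 0) {
            # A non-empty file was not created by this script. Leave it alone
            # and have the machine checked before doing anything else.
            Write-Warning "$path already exists ($($item.Length) bytes). Investigate this host."
            continue
        }
    }
    else {
        # Create the empty placeholder file.
        New-Item -ItemType File -Path $path | Out-Null
    }

    # Turn off permission inheritance and drop the inherited entries.
    # A newly created file has only inherited entries, so this leaves an
    # empty access list: no account can read, write or execute the file.
    & icacls.exe $path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Error "icacls could not change permissions on $path"
        continue
    }

    # Print the resulting access list so the change can be confirmed by eye.
    & icacls.exe $path
}
```

The placeholders can be removed later by an administrator who first restores permissions with icacls. Test the script on one machine before using it more widely.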

How does Bad Rabbit compare to other ransomware attacks?

The total number of infections from Bad Rabbit appears far lower than with WannaCry and Petya. Fewer than 200 organizations have been affected so far. Researchers have suggested that this was a targeted attack against corporate networks instead of an indiscriminate attack. The ransom demand is slightly less than WannaCry’s, at around $285 or 0.05 bitcoin.

Bad Rabbit appears to be based on the Petya/NotPetya ransomware. They share an almost identical ransom note and 67% of the same code. Bad Rabbit uses an exploit called EternalRomance, which takes advantage of SMB, a protocol that transfers data between connected computers. This exploit allows the ransomware to infect other computers on the network if one becomes compromised.

Petya used this same exploit to propagate, and WannaCry used EternalBlue, a similar SMB exploit. Both EternalRomance and EternalBlue exploit vulnerabilities that were already patched by Microsoft earlier this year. This is yet another reason to ensure your computers are up to date on their patches and security updates.

Ransomware attacks like these are not going anywhere

With this being the third large ransomware attack in 2017, the question of a ransomware attack hitting your business is less of an ‘if’ and more of a ‘when’ question. The best defense against ransomware is preparation. This means backing up your data regularly and having a business continuity solution in place. Then, if your business is hit by ransomware, you can restore from a backup to get access to your data instead of paying the ransom.

For help in thwarting ransomware like Bad Rabbit, contact CyberStreams, an experienced provider of IT security managed services. We are in Seattle, Bellevue and Western Washington and can be reached at (425) 274-1121 or sales@cyberstreams.com.