Why Bad Rabbit ransomware was easily preventable

October 27, 2017

by Asher DeMetz

Another ransomware attack made its way across the globe this week. Bad Rabbit started spreading across Russia and Eastern Europe on Oct. 24, and was detected in Germany, Japan, and the U.S. It never should have made it that far.

The ransomware was delivered from compromised websites, where a pop-up window urged visitors to install an Adobe Flash update. Once inside a system, it spread laterally across the network by trying a standard list of weak passwords against other hosts.

For now, it looks like the attack is over. But just like WannaCry, Petya/NotPetya, and every other ransom attack before them, Bad Rabbit never should have spread in the first place.

A quality proxy with filtering would have stopped users from connecting to the hacked sites, some of which had been compromised for months. Security awareness training may have made users think twice before installing updates that weren’t from a verified source. A solid credential-management program would have slowed Bad Rabbit’s propagation across networks.

Ransomware is easy to avoid with the right strategies. Now’s a good time to review your own. Do you have all of the following in place, updated, tested, and ready to go?

  1. BCDR and resilience. An effective, regularly practiced BCDR (business continuity and disaster recovery) and resilience strategy, together with an incident response program built around ransomware, can be the difference between a disaster and an ordinary workday.
  2. Backups. Maintain clean, air-gapped backups that can be used in case of any disaster to get the business quickly back on track.
  3. Segmentation. Networks should be well segmented so that if one segment gets infected it can be quickly detached from the rest of the network. Credentials should also be segmented to limit the spread of infection.
  4. Vulnerability Management (VM). An effective VM program will quickly install patches and security updates, and harden systems as needed. Make sure you have one in place.
  5. Spam filters. Strong spam filters catch malicious emails coming into the company so unsuspecting users don’t even have a chance to click on bad links.
  6. Proxy filtering. Strong filtering on proxy servers will catch malicious websites that may deliver ransomware like Bad Rabbit did.
  7. Anti-virus/Anti-malware (AV/AM). Keep AV/AM up to date to catch potential viruses and malware. It’s basic, but it works.
  8. Security awareness training. Train employees so they recognize malicious emails, think twice before clicking links or opening attachments, and verify software updates before downloading.
  9. Increase security budgets. When you compare it to the potential cost of an attack, in downtime, lost data, and lost productivity, a bigger budget is cheaper in the long run!
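The lateral spread described above, a fixed weak-password list tried host by host, leaves a recognisable trace in logon-failure logs, and watching for it is one practical piece of the credential and segmentation controls in items 3 and 4. The following Python script is an added example, not part of the original post: it flags any source host whose failed logons hit many distinct accounts within a short window. The log format, hosts and account names are all constructed for illustration and are not Bad Rabbit indicators.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: simplified Windows Security export (4625 = failed logon, 4624 = success).
SAMPLE_LOG = """\
2017-10-24 11:02:01 4625 src=10.0.5.23 user=Administrator
2017-10-24 11:02:02 4625 src=10.0.5.23 user=admin
2017-10-24 11:02:02 4625 src=10.0.5.23 user=root
2017-10-24 11:02:03 4625 src=10.0.5.23 user=Guest
2017-10-24 11:02:03 4625 src=10.0.5.23 user=backup
2017-10-24 11:02:04 4625 src=10.0.5.23 user=ftp
2017-10-24 11:02:05 4624 src=10.0.5.23 user=backup
2017-10-24 11:05:10 4625 src=10.0.7.40 user=jsmith
2017-10-24 11:06:12 4625 src=10.0.7.40 user=jsmith
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\d+) src=(\S+) user=(\S+)$")

def parse_events(text):
    """Parse the simplified export into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, event_id, src, user = m.groups()
            events.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                           "id": int(event_id), "src": src, "user": user})
    return events

def find_spray_sources(events, min_accounts=5, window=timedelta(seconds=60)):
    """Return {src: sorted accounts} for sources whose failed logons (4625) hit at least
    min_accounts distinct accounts inside any window-length interval: a worm working
    through a fixed credential list looks like this, a user mistyping a password does not."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["id"] == 4625:
            failures[e["src"]].append(e)
    flagged = {}
    for src, evs in failures.items():
        for i, start in enumerate(evs):  # evs is time-ordered, so slide from each start
            users = {x["user"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(users) >= min_accounts:
                flagged[src] = sorted(users)
                break
    return flagged

if __name__ == "__main__":
    for src, users in find_spray_sources(parse_events(SAMPLE_LOG)).items():
        print(f"possible credential spray from {src}: {', '.join(users)}")
```

Tune `min_accounts` and `window` to the environment; a hit is a prompt to isolate that network segment, which is exactly what item 3 is for.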

These are essential areas of any information security program. If you take your security seriously, you’ll have already implemented them. If you haven’t, now’s a good time to start filling the gaps.

Ransomware like Bad Rabbit will always be a threat. With the right strategy, however, it’s easily avoidable.
