by Asher DeMetz
Another ransomware attack made its way across the globe this week. Bad Rabbit started spreading across Russia and Eastern Europe on Oct. 24, and was detected in Germany, Japan, and the U.S. It never should have made it that far.
The ransomware came from hacked websites, where a pop-up window encouraged users to update Adobe Flash. Once inside a system, it spread laterally across networks using a standard list of weak passwords.
For now, it looks like the attack is over. But just like WannaCry, Petya/NotPetya, and every other ransom attack before them, Bad Rabbit never should have spread in the first place.
A quality proxy with filtering would have stopped users from connecting to the hacked sites, some of which had been compromised for months. Security awareness training might have made users think twice before installing updates that weren’t from a verified source. A solid credential-management programme would have slowed Bad Rabbit’s propagation across networks.
Ransomware is easy to avoid with the right strategies. Now’s a good time to review your own. Do you have all of the following in place, updated, tested, and ready to go?
- BCDR and resilience. An effective and practised BCDR and resilience strategy and incident response programme around ransomware can be the difference between a disaster and any other workday.
- Backups. Maintain clean, air-gapped backups that can be used in case of any disaster to get the business quickly back on track.
- Segmentation. Networks should be well segmented so that if one segment gets infected it can be quickly detached from the rest of the network. Credentials should also be segmented to limit the spread of infection.
- Vulnerability Management (VM). An effective VM programme will quickly install patches and security updates, and harden systems as needed. Make sure you have one in place.
- Spam filters. Strong spam filters catch malicious emails coming into the company so unsuspecting users don’t even have a chance to click on bad links.
- Proxy filtering. Strong filtering on proxy servers will catch malicious websites that may deliver ransomware like Bad Rabbit did.
- Anti-virus/Anti-malware (AV/AM). Keep AV/AM up to date to catch potential viruses and malware. It’s basic, but it works.
- Security awareness training. Train employees so they recognise malicious emails, think twice before clicking links or opening attachments, and verify software updates before downloading.
- Increase security budgets. When you compare it to the potential cost of an attack, in downtime, lost data, and lost productivity, a bigger budget is cheaper in the long run!
These are essential areas of any infosec programme. If you take your security seriously, you’ll have already implemented them. If you haven’t, now’s a good time to start filling any gaps.
Ransomware like Bad Rabbit will always be a threat. With the right strategy, however, it’s easily avoidable.