A new kind of malware hit Eastern European countries such as Russia, Ukraine, Bulgaria, and Turkey yesterday. Dubbed Bad Rabbit by researchers, the ransomware is, according to initial reports, similar to the NotPetya outbreak earlier this year.
Chester Wisniewski, principal research scientist, Sophos, said, “It appears this latest variation, the so-called Bad Rabbit ransomware, is being distributed via a fake Adobe Flash Player installer file. Initial reports are primarily from Eastern Europe, especially focused on Russia and Ukraine. What makes this malware more dangerous than your typical ransomware being distributed in a similar manner is its ability to spread across an organisation as a worm and not just through email attachments or vulnerable web plugins.”
According to Wisniewski, partners can play a key role in helping customers during such ransomware attacks.
“Organisations looking to protect themselves from threats like Bad Rabbit need to stay focused on a defense-in-depth approach to security,” he added.
He further said that customers of Sophos gateway products, including the Sophos Email Appliance, Sophos Web Appliance, Sophos SG and Sophos XG UTM, are able to prevent infection both through anti-virus identities and through proactive sandboxing technology. The firm also blocks the known Internet distribution points with its web protection technology, and Sophos CryptoGuard, part of Sophos Intercept X, stops the attack on any exposed endpoints.
Wisniewski said, “The key is to provide these protections at all layers as many times the threat will mutate and be able to dodge some layers of protection. As threats evolve, protection needs to stay nimble and provide that critical safety net for when the criminals try to outwit our technology.”
Additionally, customers must follow key practices to avoid falling victim to such outbreaks. Partners also have a role to play in helping customers keep their software up to date with the latest patches.
“They must back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete,” explained Wisniewski. “Partners can help customers encrypt their backup so that they don’t have to worry about the backup device falling into the wrong hands.”
At the end of the day, defense-in-depth is the only way customers can attempt to stay safe from such attacks.
He added, “Criminals constantly try to outwit security products; having many layers of protection helps bridge the gap when one is evaded.”