News & Blog

Russia Hit By Ransomware

By Francis West on 25th October 2017

A new type of ransomware dubbed "Bad Rabbit", similar to WannaCry and Petya, has been spreading across Russia, Ukraine and into other countries.

What is Ransomware?

Ransomware is a form of malware that typically encrypts important files on the victim’s computer. The victim is then given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway, and paying the ransom does not guarantee that any files will be released.

How Does It Infect?

The Bad Rabbit ransomware appears to be spread via a bogus Adobe Flash update and, worryingly, is still undetected by the majority of anti-virus programs.

What Does ‘Bad Rabbit’ Do?

Like other ransomware, Bad Rabbit encrypts the contents of the victim’s computer and asks for a payment of 0.05 Bitcoins / £213 to release the locked data. It is common for ransom demands to be made in the crypto-currency Bitcoin because it is out the control of banks and provides anonymity for the perpetrators.

In order to pay the ransom, users are directed to a .onion Tor domain where, where a countdown on the site shows the amount of time before the ransom price goes up.

Some tech / security commentators have noticed references to Game of Thrones characters in the malware.

What Effect Has It Had?

Bad Rabbit is reported to have hit almost 200 victims, most of which are in Russia and Ukraine, although others are in Turkey and Germany.

For companies that have been infected, whole servers have been locked down, thereby rendering the day-to-day IT-based aspects of the business impossible.

High profile victims of Bad Rabbit to date include Russian news agency Interfax where its subscription services were all made unavailable, the St. Petersburg-based Fontanka.ru news website, Ukraine's Odessa International Airport where its information system stopped functioning, Ukraine’s Ministry of Infrastructure and Kiev’s public transportation system.

What Does This Mean For Your Business?

For UK businesses and other organisations, it’s a case of always being on the lookout for suspicious emails and updates, keeping security software up to date and regularly backing up critical data. The advice with Bad Rabbit (according to The US computer emergency readiness team), as with other ransomware is to not pay the ransom, as is unlikely to guarantee that access will be restored.

In order to provide maximum protection against more prevalent and varied threats this year, businesses should now adopt multi-layered security solutions. Businesses should accept that there is a real likelihood that they will be targeted and therefore prepare for this by implementing the most up to date security solutions, virtual patching and education of employees in order to mitigate risks from as many angles ('vectors') as possible.

Having workable and well-communicated Disaster Recovery and Business Continuity Plans in place is now also an important requirement.

Comments