BAD RABBIT, EXPETR MAKE YOU WANNACRY
Two large-scale global ransomware attacks this year were the infamous WannaCry and ExPetr (also known as Petya and NotPetya). The WannaCry, or WannaCrypt, ransomware attack affected more than 230,000 computers in over 150 countries. And now a third attack, dubbed “Bad Rabbit”, is on the rise.
So what exactly are these attacks and how do they work? How extensive is their reach and what’s the damage?
More importantly, how can you ensure that you and your organization don’t fall victim to these and other ransomware attacks? Let’s take a look at these three attacks in a little more detail later, but first – what is ransomware?
What Is Ransomware?
Ransomware is a type of malware (malicious software) that encrypts your files or locks your computer, blocking access to the computer or its data, and demands payment before you can regain access. Once you’ve become infected, there is little you can do except accept that you have lost your data. It is not recommended that you pay the ransom.
How Does It Work?
When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock (decrypt) the files. If victims don’t have a recent backup of the files, they must either pay the ransom or face losing all of their files.
Who Does It Target?
If you use a PC or mobile device to access the Internet, you are at risk. Ransomware initially targeted individuals, but cyber criminals are increasingly turning their attention from private users to targeted attacks against businesses, large organizations and corporations, where larger ransom demands can be made.
How Do You Get It?
Ransomware can get onto people’s computers in different ways, such as clicking on a bad link in an email, downloading something that contains malicious code, or through the exploitation of vulnerabilities in outdated systems. If you or your organization is running a version of Windows, you could be at risk.
The WannaCry ransomware affects machines running the Windows operating system. It relied on a security flaw that was originally exploited by the U.S. National Security Agency (NSA), and which was then leaked and used by hackers. Like WannaCry, “Petya” spreads rapidly through networks that use Microsoft Windows, and targets a vulnerability in older Windows systems called EternalBlue.
In the case of the latest Bad Rabbit ransomware, victims innocently download a fake Adobe Flash installer from infected websites and manually launch the .exe file, thereby infecting themselves.
How Common Is It?
Because it’s so lucrative, newer, more sophisticated versions are being released, and there are even off-the-shelf “ransomware kits” readily available to would-be cybercriminals, with no hacking skills required. In this Ransomware-as-a-Service model, ransomware creators offer their malicious products ‘on demand’, spread them through multiple distributors and take a cut of the ill-gotten profits. Ransomware will continue to be a threat to individuals, businesses and organizations.
How Bad Is It?
The WannaCry ransomware attack that hit in early May of this year affected thousands of organizations and businesses around the world, and was one of the most widespread ransomware attacks that has ever taken place. The estimated damage it caused could exceed $1 billion, despite only around $100,000 in bitcoins having so far been paid in ransoms to the perpetrators.
The WannaCry attacks were experienced globally, with victims affected across 150 countries, including the UK, the US, Denmark, China, Ukraine, Russia, Germany, Japan, India, Spain, France and Norway.
Large organizations and companies hit included Spanish phone company Telefónica, Russian banks, telecom providers, the Russian railway system, and even the interior ministry. The U.K.’s National Health Service took a hit in May, with hundreds of clinics and several hospitals affected, forcing surgery delays and cancelled appointments. Britain’s WPP, the world’s largest advertising company, was also affected.
Police in the Indian state of Andhra Pradesh reported that 25% of its police computers were infected by the ransomware, forcing it to take systems offline in order to prevent data loss. In China, over 100,000 computers in several Chinese universities were frozen and locked, and the Chinese Public Security Bureau was also a victim. Other high-profile companies that fell victim include French automobile manufacturer Renault and Japanese electronics maker Hitachi, as well as some Nissan plants.
Banks, airports, government offices, and the power grid in Ukraine were targeted, as well as the radiation-monitoring system in Chernobyl, the site of the 1986 nuclear disaster. In Norway, the National Security Authority said a ransomware attack was taking place at one of the country’s companies, and in Denmark, the massive Danish shipping company A.P. Moller-Maersk was affected. German postal and logistics company Deutsche Post, the wholesale retailer Metro and the pharmaceutical giant Merck were hit too.
FedEx’s TNT shipping unit was hit with NotPetya malware in July.
How Much Does It Cost?
For the Petya ransomware, hackers demand $300, paid in Bitcoin. The WannaCry ransom amount also starts at $300, but the cybercriminals threaten to double that amount within 72 hours of the attack and to permanently lock files after seven days.
Bad Rabbit victims are directed to a payment page with a countdown timer and are instructed to make the payment of 0.05 bitcoin (around $280) within the first 40 hours if they want their files decrypted. Those who don’t pay the ransom before the timer reaches zero are told the fee will go up and that they will have to pay more.
This year alone, it is predicted that ransomware damage costs will exceed $5 billion, according to Cybersecurity Ventures’ Ransomware Damage Report 2017. This figure includes costs that go well beyond the ransom itself, such as productivity losses from trying to get systems back online and potential revenue losses from down days.
Smaller, more targeted ransomware attacks can also do considerable damage to small businesses. According to an Osterman Research Survey Report, among more than 1,000 small and medium businesses that experienced a ransomware attack in the last year had to stop business operations immediately and on average, small companies lost over $100,000 per ransomware incident due to downtime.
Victims are advised not to pay the ransom, as there is no guarantee that access to files or your computer will be given back and the likelihood of receiving decryption keys is almost nil. Despite this, some organizations feel they have no alternative but to pay the ransom.
Will My Antivirus Protect Me?
Unfortunately, traditional antivirus (AV) software is not sufficient. Malware is constantly evolving and “morphing” to evade AV protections. Every organization now requires advanced malware protection: beyond traditional antivirus software, you need a combination of security measures that block malicious files and “sandbox” suspicious traffic, such as that provided by Zscaler.
For more information on Zscaler security solutions, and other security measures to protect your business, please contact us at Ascension Global Technology.
How Do I Protect Myself From Ransomware?
In addition to having advanced malware protections, it is important that you use good computing habits in order to protect yourself from ransomware. Here are some practical tips on good online security habits:
BACK UP YOUR COMPUTER
Backup, Backup, Backup! First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.
UPDATE COMPUTER SYSTEMS, PROGRAMS & APPLICATIONS FREQUENTLY
To protect against ransomware, ensure systems are up to date, run anti-virus software and ensure data is frequently backed up. Make sure all Windows updates are installed as soon as they come out. It is important to keep all programs updated, especially Java, Flash, and Adobe Reader, as older programs contain security vulnerabilities that are commonly exploited by malware distributors.
Ransomware attacks like WannaCry and Petya can be avoided by keeping software and anti-virus programs up to date.
DON’T CLICK ON ANYTHING SUSPICIOUS
Do not open attachments if you do not know who sent them, and do not open attachments until you confirm that the person actually sent them to you. Use an attachment-scanning tool before opening attachments.
Employees should also be educated and know how to identify suspicious emails or links and report them to IT departments.
INSTALL GOOD SECURITY SOFTWARE
Every business and organization needs advanced malware protection and security measures that block malicious files and “sandbox” suspicious traffic, such as that provided by Zscaler.
For more information on how to adopt Zscaler and other security protections, contact us at Ascension Global Technology.
USE STRONG PASSWORDS
Safeguard your passwords by using strong, confidential and unique passwords that are hard to guess, and never reuse the same password across multiple sites. The strength of a password is based on a combination of its length, complexity, and unpredictability. Using strong passwords lowers the overall risk of a security breach, but strong passwords do not replace the need for other effective security controls such as having good security software.
Tips for creating a strong password include:
– Use a minimum password length of 12 to 14 characters.
– Include lowercase and uppercase alphabetic characters.
– Use numbers and symbols.
– Generate passwords randomly where feasible.
PROTECT YOURSELF WHEN USING PUBLIC WI-FI
When using public Wi-Fi, you are visible to everyone else using that network. Make sure to change the security settings on your computer or phone when on a public network. Usually, computers will ask you automatically if you want to be viewable on the network, but check your security settings just to be sure you are not set to public.
Using a VPN, or virtual private network, can hide your computer from those using a public network. However, while it can help you avoid being a target, the use of a VPN won’t fight malware.
For more information on what you should do to protect yourself and your organization, contact Ascension Global Technology – a recognized leader in cyber security advisory services.