Our site uses cookies to make it work and to help us give you the best possible user experience. By using our site, you agree to our use of cookies. To find out more about cookies and how you can disable them, please read our cookies statement. 

Cookie Settings

You can manage your cookie settings by turning cookies on and off.

Click on the different cookie  headings to find out more about the types of cookies we use on this site and to change your settings. Please be aware that if you choose to turn off  cookies, certain areas of our site may not work and your browsing experience may be impacted.

For further information on how we use cookies, please see our cookies statement. 

Strictly Necessary Cookies

(Req)

These cookies are essential for the technical operation of and proper functioning of our site  and enable you to register and login, to easily move around our site, and to access secure areas. Without these cookies our site won't function properly.  

These cookies are required

Performance Cookies

Performance cookies allow us to collect aggregated and anonymous data on how our site is used, such as the number of visitors to our site, how you navigate around and the time spent on our site and also to identify any errors in functionality. These cookies also help us to improve the way our site works by ensuring that you can find what you’re looking for easily, to better understand what you are interested in and to measure the effectiveness of the content of our site. 

Marketing Cookies

These cookies allow us to advertise our products to you and allow us to pass this information on to our trusted third parties so that they can advertise our products to you on our behalf. All information these cookies collect is aggregated and therefore anonymous. No personal information is shared to third parties. Any personal information collected while using our website could be used for direct marketing from Dimension Data only.

Bad Rabbit ransomware: cybercrime continues its exponential rise in 2017

Blog

“Bad Rabbit” is the latest ransomware attack to hit organisations, having affected numerous major businesses across Russia, Ukraine, Turkey and Germany as of October 24th. It is the latest addition to a wave of cyberattacks that have been targeting businesses across the globe throughout 2017.

Kaspersky later confirmed the method of attack. While the user is visiting a legitimate website, the malware, masquerading as an Adobe Flash Installer, is offered to them for download. No specific vulnerability exploits are used, meaning the victim still has to manually execute the program once downloaded. If installed, Bad Rabbit encrypts all files on the infected system, locking out the user. They receive this message:

While the message itself appears strangely civil, the demands are far from it. The ransomware demands 0.05 Bitcoin—the equivalent of around $290—in exchange for the restoration of the user’s files and devices. Compatible with all versions of Windows operating software, once the malware executable is running, there is little the victim can do to decrypt their files apart from paying the ransom.

What can we learn from the Bad Rabbit attack?

The malware behind Bad Rabbit is reportedly a new variant of Petya ransomware—also known as exPetr, Petrwrap and GoldenEye—that differs from the WannaCry attack that ground the UK’s National Health Service (NHS) to a halt. Microsoft released numerous security patches to stop the WannaCry virus from spreading across corporate networks; Bad Rabbit instead scans internal networks for open shared folders, and uses a hardcoded list of commonly-used credentials to try and force a log-in and execute the malware.

The major anti-virus vendors have already begun publishing signature updates to their software to deal with the threat. But this is just another incident in a long list of cyberattacks that have occurred in recent years. 2017 certainly feels like the peak of cybercrime to date, but we can only expect the rate of cybercrime to increase in coming years. Ransomware damage costs will exceed $5 billion this year, up from $325 million in 2015—a fifteen-fold increase in just two years. Businesses who believe the rise in cybercrime will soon reach a plateau may be in for a nasty surprise.

The truth is that businesses must do more than simply update their anti-virus software if they want to maximize the security of their business and regain control of their data.

Proactive data protection

2017 has proven that no business is exempt from cybercrime. The government sector is, for the first time ever, the most targeted sector alongside Finance. Ransomware like Bad Rabbit is targeting small businesses—50% of small and medium-sized organisation reported suffering at least one cyberattack in the past 12 months.

How can you protect your business from ransomware attacks?

  • Cybersecurity assessments

Cybersecurity assessments provide a holistic assessment of your IT security architecture, from your documentation policies to your firewall. Offering visibility into the strongest and weakest areas of your business, assessments can help you manage risk, maintain compliance, and align to the best practice in your industry.

  • Security awareness training

IT security skills are in short supply. Security awareness training informs users of the inherent risks of cloud and mobile working, the Internet of Things, and more. Most importantly, you can educate users on how to avoid the threats these technologies pose to your business and its reputation. 

  • Threat Management as a Service

Most organisations have already made the commitment to protecting themselves from ransomware through implementing security solutions from companies like Symantec or McAfee. But there is a high level of complexity associated with operating them. Threat Management-as-a-Service removes this complexity by monitoring, detecting, analysing and responding to security anomalies in real-time. 

  • Cloud Backup

Backing up your data is more necessity than nice-to-have in today’s cybersecurity climate. Cloud Backup services offer the flexibility to back up your servers and recover data between them regardless of location. Backup-as-a-Service software includes support for multiple operating systems so you can back up whether you’re in the cloud, on-premises or in a managed hosting environment.

Not-so-Bad Rabbit

Having not spread much further than Russia and Ukraine, Bad Rabbit has, amid this wash of high-profile cyberattacks in 2017, not received the same publicity as the WannaCry and NotPetya attacks. But there can be little doubt that the affected companies will say Bad Rabbit is the worst cyberattack of the year for them.

As cybercrime continues to rise, businesses must ensure they do not become desensitized to the threat of ransomware. You must ensure you are fully prepared and your cybersecurity measures are the best they can be. Ransomware can come at any time. You must be ready.

For more information on the state of ransomware and what your business can do to safeguard its data, visit Dimension Data’s ransomware information hub.

Previous Article: Holiday-time and cybercrime – it's the season to be vigilant Next Article: Improve your collaborative power with Microsoft Teams and Skype for Business

You may be interested in

Roads
Blog

SDN is redefining the data centre

To understand how the data centre is changing within the enterprise, it’s important to recognise that its essential functions are not changing.

Read blog
Robot hand
Blog

Behavioural analytics and artificial intelligence demand a relook at identity

The reignition of interest in and the acceleration of the capabilities of artificial intelligence (AI) are providing security professionals with an expanded toolbox.

Read blog
Doctor examining an Xray
Blog

The rise of blockchain at SXSW Part 2

In my last SXSW round-up blog, we left off with a recap of SXSW Interactive, where blockchain and distributed ledger technology (DLT) was far and away the hottest topic.

Read blog
Women working on computers
Blog

Eyes wide open: Raising cybersecurity's profile in your business

Our 2017 Global Threat Intelligence Report showed that, year on year, 11% more businesses were improving their incident response ability. But 68% still had no formal incident response plan.

Read blog