Bad Rabbit ransomware is currently working its way through Russia, the Ukraine and other parts of Europe. What makes this malware more dangerous than your typical ransomware being distributed in a similar manner is its ability to spread across an organization as a worm and not just through email attachments or vulnerable web plugins. It is rumored to contain the same password stealing and spreading mechanism as NotPetya, allowing it to traverse an enterprise and cripple it in no time.
“It was only a matter of time before someone took the ideas from WannaCry and NotPetya and ran with them for another go at unsuspecting victims. It appears this latest variation, the so-called Bad Rabbit ransomware, is being distributed via a fake Adobe Flash Player installer file,” explained Chester Wisniewski, Principal Research Scientist, Sophos.
Partners can play key role helping their customers during ransomware attacks. Organizations looking to protect themselves from threats like Bad Rabbit need to stay focused on a defense-in-depth approach to security. Sophos gateway solutions like Sophos Email Appliance, Sophos Web Appliance, Sophos SG and Sophos XG UTM customers are able to prevent infection both by using anti-virus identities and through the use of proactive sandboxing technology like Sophos Sandstorm.
Sophos recommends the following:
- Keep software up to date with the latest patches.
- Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete.
- Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
- Defense-in-depth is your friend. Criminals constantly try to outwit security products, having many layers of protection helps bridge the gap when one is evaded.
- Download the free trial of Sophos Intercept X and, for home (non-business) users, register for the free Sophos Home Premium Beta, which prevents ransomware by blocking the unauthorized encryption of files and sectors on your hard disk.”