This news may seem like a déjà vu but, unfortunately, it’s not. A new ransomware infection spread yesterday through some countries in Europe, mainly Russia, Ukraine, Bulgaria, and Turkey. The bug, known as Bad Rabbit, infiltrated computers by pretending to be an Adobe Flash installer on news and media websites.
This type of cyber attack encrypts files and then requests the victims to pay a ransom to recover their files. Ransomware doesn’t encrypt the entirety of each file but instead encrypts up to the first megabyte of data, which makes the process faster and ensures that enough of the file is encrypted to prevent it from being restored without paying the ransom. As in the real world, paying the ransom guarantees nothing and the Department of Homeland Security advices against making any payments.
The real danger comes from the fact that once the ransomware has infected a machine it can spread faster than the flu. It will scan the network for shared folders and then try to steal and exploit user credentials to get on other computers.
What can you do to keep your network safe? The most important thing you can do, aside from keeping up with all software patches, is to train your employees. Make sure anyone who connects to your company’s network understands that they must NEVER download apps or software from pop-up advertisements or websites that do not belong to the software company. Fake Flash updates are a very popular way of distributing malware these days. Even when receiving an email with a link to a “required” software update, they should not click on the link. Instead, they should always go to the software’s webpage and download any updates directly from there.