Let’s talk a bit about ransomware on today’s Tech Tuesday. There really is no “good” malware, unless of course we’re talking about white hat hackers who are dedicated to using their hacking powers for good; and really the only good kind of malware is the kind that is kept in an isolated environment and dismantled in order to understand how it works and how to defend against it. The biggest challenge, as we have mentioned before on this blog, is staying ahead of black hats. Every time white hats discover a solution, the black hats release something new. The latest concern: Bad Rabbit. This ransomware was set loose in October 2017; and while we are into 2018, that detection period is not so long ago.
The origins of Bad Rabbit have been traced back to corporate networks in Russia, Germany, Ukraine and Turkey. Bad Rabbit is similar to the Petya family of ransomware in that it compromises targeted computers, encrypts the data on them, and then demands a payment of 0.05 Bitcoin ($287) for the victim to get the decryption key. Because the payment is made in Bitcoin, the transactions are not only secure but entirely untraceable.
Now what about the more important detail of Bad Rabbit: how is it being distributed? This ransomware is being distributed via a fake Adobe Flash Player installer. It will not look like a conventional Adobe alert. In fact, it will look like a plain text message in a window. So if an Adobe Flash installer appears on your screen, don’t click ‘OK’ by reflex. If you question your plug-in’s version, go to Adobe.com and download from there. If Adobe gives you a clean bill of health, then you know this is a bogus message.
Enterprise users should be particularly concerned because once this dangerous malware gets on the network, Bad Rabbit spreads across an organization as a worm, free of the usual delivery mechanisms such as email attachments or web plug-ins. So once this malware is on the network, it starts spreading on its own without any human intervention. Bad Rabbit is rumored to contain the same password-stealing and spreading mechanism as NotPetya, and by design is able to traverse an enterprise and cripple it very quickly.
New ransomware attacks like Bad Rabbit exploit the window of time between when new malware is first discovered and when a new virus signature or patch can be created and deployed by the many antimalware vendors. This is precisely what Bad Rabbit is doing. So do be careful. This piece of bad business has not seen widespread distribution yet, but it is on the uptick very quickly.
A research physicist who has become an entrepreneur and educational leader, and an expert on competency-based education, critical thinking in the classroom, curriculum development, and education management, Dr. Richard Shurtz is the president and chief executive officer of Stratford University. He has published over 30 technical publications, holds 15 patents, and is host of the weekly radio show, Tech Talk. A noted expert on competency-based education, Dr. Shurtz has conducted numerous workshops and seminars for educators in Jamaica, Egypt, India, and China, and has established academic partnerships in China, India, Sri Lanka, Kurdistan, Malaysia, and Canada.