Here’s what’s important to know about BadRabbit malware – if you’re a business owner
BadRabbit is ransomware
If infected, your computer will be locked down , and you will be extorted to pay money (currently around $300 or equivalent in bitcoin).
There are 2 ways that it spreads
Primary infection on a network is via infected websites – it then secondarily spread through that network via a leaked NSA exploit in Windows Operating systems ( not dissimilar to WannaCry)
What’s that in plain English?
You, or your staff, will most likely be exposed to it by browsing the web, and coming across an infected website – where you will see a popup that looks like you’re being prompted to download and install an Adobe Flash Update
If your computer is on the company network (example a business with an internal network of computers) – then the malware spreads across the network in a very similar way to WannaCry (via security weaknesses or gaps in Windows XP / Vista / 7 and Windows Server 2003 and 2008 systems.)
The exploit that does this is called EternalRomance, and if this is all sounding familiar, it should be, because WannaCry spread by using an exploit called EternalBlue. Both the Eternals are from the NSA and were leaked out into the wild with devastating consequences.
Where does BadRabbit come from?
Current general consensus is most likely it comes from Russia – it appears to be targeting corporates and government installations in the Ukraine and surrounding countries.
Why should you worry?
Yes, it’s not spreading as fast WannaCry – however because the internet is global and open if you do any kind of shopping online, or global website browsing, you could be at risk of getting infected.
Windows software that is not patched or updated regularly – any computer running Windows Vista or XP, and staff that are “too busy” to critically evaluate the messages and popups that they see when browsing the web , especially if their job involves doing any form of online research or searches.
Tips for your staff :
- Don’t browse or download anything from a site that still uses Flash, it is insecure.
- Don’t buy or order goods and services on a website that does not have a visible padlocked SSL
- Don’t work in older versions of Windows Operating Systems – and specifically move away from Vista, XP and Windows 7
- Always keep up to date with your Windows security Patches.
What can you do on your website to prevent or mitigate this ?
- Install a business grade Organisational Validation, or Extended Validation SSL certificate
- If you have a WordPress website, or any other blogging/CMS platform that allows comments, ensure that comments can only be loaded by verified user accounts and have to be moderated or approved so you can delete the spam and suspect ones.
- Block comment submissions that contain hyperlinks on your website.