What you need to know about BadRabbit malware

Here’s what’s important to know about BadRabbit malware - if you’re a business owner

BadRabbit is ransomware

If infected, your computer will be locked down, and you will be extorted to pay money (currently around $300 or the equivalent in bitcoin).

There are two ways that it spreads

Primary infection on a network is via infected websites; it then spreads secondarily through that network via a leaked NSA exploit for Windows operating systems (not dissimilar to WannaCry).

What’s that in plain English?

You, or your staff, will most likely be exposed to it by browsing the web and coming across an infected website, where you will see a popup that looks like a prompt to download and install an Adobe Flash update.

If your computer is on a company network (for example a business with an internal network of computers), the malware then spreads across that network in a very similar way to WannaCry, via security weaknesses or gaps in Windows XP / Vista / 7 and Windows Server 2003 and 2008 systems. The exploit that does this is called EternalRomance, and if this is all sounding familiar, it should be, because WannaCry spread by using an exploit called EternalBlue. Both of the Eternals are from the NSA and were leaked out into the wild with devastating consequences.

Where does BadRabbit come from?

The current general consensus is that it most likely comes from Russia; it appears to be targeting corporations and government installations in Ukraine and surrounding countries.

Why should you worry?

Yes, it’s not spreading as fast as WannaCry; however, because the internet is global and open, if you do any kind of online shopping or browse websites around the world, you could be at risk of getting infected.

Risk Points

Windows software that is not patched or updated regularly (any computer running Windows Vista or XP), and staff who are "too busy" to critically evaluate the messages and popups they see when browsing the web, especially if their job involves any form of online research or searching.

Tips for your staff:

  • Don’t download Flash from any website except Adobe; ignore pop-up messages that look confusing.
  • Don’t buy or order goods and services on a website that does not show a green padlock (a valid SSL certificate) in the browser’s address bar.
  • Don’t work on older versions of the Windows operating system; specifically, move away from Vista, XP and Windows 7.
  • Always keep up to date with your Windows security patches.

What can you do on your website to prevent or mitigate this?

  • Install a business-grade Organisation Validation (OV) or Extended Validation (EV) SSL certificate.
  • Ask your developer to confirm that JavaScript injection (cross-site scripting) is prevented on your website.
  • If you have a WordPress website, ensure that comments can only be posted by verified user accounts and must be moderated or approved, so you can delete the spam and suspect ones.
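The two website tips above (preventing JavaScript injection, and treating comments as untrusted content that must be moderated) come down to one rule for the developer: never place user-supplied text into a page without escaping it, and back that up with a Content-Security-Policy header. The following is an added example written for this post, not code from the original article or from WordPress; the function names (escapeHtml, renderCommentUnsafe, renderCommentSafe, cspHeader, containsScriptTag), the sample comments, and the CDN hostname in the policy are all constructed for illustration. It runs under Node.js with no dependencies.

```javascript
// Added example (not from the original post): stopping script injection
// (cross-site scripting) in a page that displays user-supplied content such
// as blog comments.  All names and sample data below are constructed.

// Map every character that has meaning in HTML to its entity, so that
// user-supplied text is rendered as text and never interpreted as markup.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The "before": the comment body is concatenated straight into the HTML.
// Anything that looks like a tag in the comment becomes part of the page.
function renderCommentUnsafe(author, body) {
  return `<li class="comment"><b>${author}</b>: ${body}</li>`;
}

// The "after": every untrusted value is escaped before it reaches the page.
function renderCommentSafe(author, body) {
  return `<li class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

// Second layer: a Content-Security-Policy response header.  Even if an
// escaping bug slips through, the browser refuses to run inline scripts or
// scripts from hosts not listed here.  'self' is the site's own origin; the
// CDN hostname is a placeholder to replace with the site's real one.
function cspHeader() {
  return [
    "default-src 'self'",
    "script-src 'self' https://cdn.example.invalid",
    "object-src 'none'",
    "base-uri 'self'",
  ].join('; ');
}

// Check usable from a unit test or pre-deploy script: does a rendered
// fragment still contain an executable <script> element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: one normal comment and one carrying markup of
// the kind that turns up in a WordPress moderation queue.
const SAMPLE_COMMENTS = [
  { author: 'Alice', body: 'Great post, thanks!' },
  { author: 'spam-bot', body: 'Nice site <script>document.title="owned"</script>' },
];

for (const c of SAMPLE_COMMENTS) {
  console.log('unsafe:', renderCommentUnsafe(c.author, c.body));
  console.log('safe:  ', renderCommentSafe(c.author, c.body));
}
console.log('Content-Security-Policy:', cspHeader());
```

Run with `node` and compare the two rendered lines for the second comment: the unsafe version keeps the `<script>` element intact, the safe version turns it into visible text. The header value from `cspHeader()` is what the developer sets on every HTML response; on a WordPress site this is typically done in the web server configuration rather than in PHP.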


DDoS: Distributed Denial of Service

Once you have a website for your business, one of your worst nightmares becomes the fear that your website is down.

Today's post is a quick snapshot of one of the nasties that could potentially bring your site down, and a couple of recommendations to prevent it (as much as you can).

So, let's talk about a Distributed Denial of Service (or DDoS) attack.

What is that?

In plain English, it's when attackers send so much traffic to your website, from multiple locations (hence "distributed"), that your server cannot cope with the requests and eventually shuts down. While this is happening, your site may slow down dramatically, making it very difficult for genuine clients and prospects to view and interact with your website.

Why do they do it?

Most DDoS attacks are aimed at governments or large companies, by "hacktivists" or people trying to make a political point.

If you are hit by a DDoS, it's likely to be because your IP address is in the same range as a target of interest, because once launched, the attacks are mostly automated by malware and bots.

What can you do about it?

Mostly, there's not much you can do to stop attacks from hitting you, but you can put measures in place to cope with an attack.

Here are my top two tips to mitigate and prepare for an attack.

  1. Take a multi-layer approach to security mitigation
    • Server level: explicitly ask your hosting company to confirm what measures they take to mitigate DDoS attacks
    • Website framework (e.g. WordPress or Joomla): you may want to add a security plugin
  2. Make sure your server host or web developer applies all security patches as soon as they are available
    • If you do this yourself, set a weekly appointment to check for and run all patches
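The post describes a DDoS as more requests than the server can cope with, and its first tip is to ask the host what server-level measures they apply. One such measure, shown here as an added example that is not from the original post and not any particular host's product, is per-client rate limiting: count each client address's requests inside a sliding time window and reject the excess (for example with HTTP 429) so capacity is kept for genuine visitors. The class and function names (RateLimiter, parseLogLine, detectFloods), the access-log format with ISO 8601 timestamps, the sample log lines and the limit of 10 requests per second are all constructed assumptions for this example; it also shows how the same logic can be replayed over an existing log to see which addresses would have been throttled. Runs under Node.js with no dependencies.

```javascript
// Added example (not from the original post): per-client request throttling
// as one server-level DDoS measure, plus a replay over constructed log lines
// to spot addresses that would have been throttled.  All names, the log
// format and the threshold are assumptions made for this example.

// Sliding-window limiter: remembers recent request times per client and
// allows a request only if fewer than `limit` fell inside the last `windowMs`.
class RateLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // client address -> timestamps (ms) of recent hits
  }

  // True if the request may be served, false if it should be rejected.
  allow(client, nowMs) {
    const recent = (this.hits.get(client) || []).filter((t) => nowMs - t < this.windowMs);
    if (recent.length >= this.limit) {
      this.hits.set(client, recent);
      return false;
    }
    recent.push(nowMs);
    this.hits.set(client, recent);
    return true;
  }
}

// Parse one access-log line of the constructed shape
//   <client> - - [<ISO 8601 time>] "<request>" <status>
// into { client, timeMs }; only the fields the limiter needs are extracted.
const LOG_LINE = /^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3}/;

function parseLogLine(line) {
  const m = LOG_LINE.exec(line);
  if (!m) return null;
  const timeMs = Date.parse(m[2]);
  return Number.isNaN(timeMs) ? null : { client: m[1], timeMs };
}

// Replay a log through the limiter in time order and report, per client,
// how many requests would have been served and how many throttled.
// Clients with throttled requests are the ones to raise with the host.
function detectFloods(lines, limit, windowMs) {
  const limiter = new RateLimiter(limit, windowMs);
  const records = lines.map(parseLogLine).filter(Boolean).sort((a, b) => a.timeMs - b.timeMs);
  const report = {};
  for (const rec of records) {
    const entry = report[rec.client] || (report[rec.client] = { served: 0, throttled: 0 });
    if (limiter.allow(rec.client, rec.timeMs)) entry.served++;
    else entry.throttled++;
  }
  return report;
}

// Constructed sample log: a normal visitor making three page views over a
// few seconds, and one address sending twelve requests inside 600 ms.
function logLine(client, isoTime, path) {
  return `${client} - - [${isoTime}] "GET ${path} HTTP/1.1" 200`;
}

const SAMPLE_LOG = [
  logLine('203.0.113.7', '2017-10-25T09:00:00.000Z', '/'),
  logLine('203.0.113.7', '2017-10-25T09:00:02.500Z', '/about'),
  logLine('203.0.113.7', '2017-10-25T09:00:05.000Z', '/contact'),
];
for (let i = 0; i < 12; i++) {
  const millis = String(i * 50).padStart(3, '0');
  SAMPLE_LOG.push(logLine('198.51.100.9', `2017-10-25T09:00:03.${millis}Z`, '/'));
}

// Assumed policy: at most 10 requests per client per second.
console.log(detectFloods(SAMPLE_LOG, 10, 1000));
```

The replay reports the normal visitor as fully served and the flooding address as 10 served, 2 throttled. In a real deployment the limiter sits in front of the application (at the web server, load balancer or hosting provider's edge), since an attack large enough to saturate the network link has to be absorbed before it reaches your server at all, which is why the post's advice to ask the hosting company still stands.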