The Bad Rabbit Ransomware Invasion: A Review
Of the many ways in which malicious attacks are carried out, ransomware has been on the rise for half a decade. The modus operandi of most ransomware is similar: the harmful code poses as a legitimate file, typically served from a compromised website, and users are tricked into downloading and running it (a drive-by download). On execution it either encrypts the files on the machine or threatens to publish the user's data unless a ransom (usually in a cryptocurrency like Bitcoin) is paid. WannaCry took this to the next level by propagating swiftly across networks without any user interaction; the more recent Bad Rabbit appears to have an agenda of its own.
Having hit major establishments across Russia (such as the news agency Interfax), parts of Ukraine (the Kiev metro), Germany and Poland among others, it has spread mainly through compromised websites that served the malicious download. But once inside a network it can move from machine to machine without any user action, trying a built-in list of common username/password combinations (along with credentials harvested from the infected host) against neighbouring machines over SMB.
Though it looks like a targeted attack, in such scenarios there is no way of knowing how targets are chosen or who is next. But we can always be prepared, and so avoid becoming a victim.
Sentient, coupled with Radia, is our unified solution for endpoint detection, management and response. It can trace through your network for potentially impacted machines and help barricade them off from the unaffected parts, limiting the spread of any such outbreak. In the same breath, the countermeasures that prevent such attacks can be rolled out in seconds.
Preventive options, such as pre-creating the associated .dat files (infpub.dat and cscc.dat) in the Windows directory and stripping all permissions on them so the dropper cannot write its payload, or revoking local administrator rights so the malicious .exe cannot install, can be pushed out with a single click. Multiple hardening measures can be rolled out just as easily: enforcing password policies so the malware's built-in credential list fails, tightening file and share permissions to seal off access, and removing unnecessary services from endpoints. It goes without saying that staying up to date with OS patches is a must, and Sentient will do that for you too.
Whether it is remediation or prevention, with a unified endpoint detection and management solution like Sentient you will not only be protected but also ready to counter any such attack with the fastest turnaround time.
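For administrators who want to apply the file-permission countermeasure by hand rather than through a management tool, here is an added PowerShell example (not Sentient's own code, and not taken from the original post) of the "vaccine" approach that was circulated publicly during the outbreak: create C:\Windows\infpub.dat and C:\Windows\cscc.dat ahead of time and remove every permission on them, so that the dropper's attempt to write them fails and it aborts. The function names, the use of icacls.exe, and the Everyone SID (S-1-1-0) are this example's own choices; it assumes an elevated PowerShell session on a standard Windows install, and it only blocks the known sample's behaviour, so it complements patching and privilege reduction rather than replacing them.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-create the two files Bad Rabbit's dropper writes into
# %SystemRoot% and deny all access to them, so the dropper's write fails.
# Based on the publicly circulated "vaccine"; only effective against the
# known sample and no substitute for OS patching.

$VaccineFiles = @("$env:SystemRoot\infpub.dat", "$env:SystemRoot\cscc.dat")

function Install-BadRabbitVaccine {
    foreach ($path in $VaccineFiles) {
        if (-not (Test-Path -LiteralPath $path)) {
            # Zero-byte placeholder; only the file name matters to the dropper.
            New-Item -ItemType File -Path $path -Force | Out-Null
        }
        # Strip inherited ACEs, then add an explicit Deny Full Control for
        # Everyone (*S-1-1-0, so the rule is locale-independent). The deny
        # applies to elevated accounts too, which is what stops the dropper.
        & icacls.exe $path /inheritance:r | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls /inheritance:r failed on $path" }
        & icacls.exe $path /deny '*S-1-1-0:(F)' | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls /deny failed on $path" }
    }
}

function Test-BadRabbitVaccine {
    # Returns $true only if both files exist and cannot be opened for writing,
    # which is the exact condition the dropper runs into.
    foreach ($path in $VaccineFiles) {
        if (-not (Test-Path -LiteralPath $path)) { return $false }
        try {
            $fs = [System.IO.File]::Open($path, 'Open', 'Write')
            $fs.Close()
            return $false   # the write succeeded, so the vaccine is not in place
        } catch [System.UnauthorizedAccessException] {
            # Access denied is the expected outcome.
        }
    }
    return $true
}

Install-BadRabbitVaccine
if (Test-BadRabbitVaccine) {
    Write-Output "Bad Rabbit vaccine files are in place and write-protected."
} else {
    Write-Output "Vaccine NOT effective: check the ACLs on $($VaccineFiles -join ', ')"
}
```

Because the deny rule covers administrators as well, removing the vaccine later takes two steps: `icacls C:\Windows\infpub.dat /remove:d *S-1-1-0` (and the same for cscc.dat) to drop the deny entry, then delete the files. The creator of the files keeps ownership, so an administrator can always repair the ACL even if the deny rule locks everyone out.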