Keep your business safe from Bad Rabbit

Caroline Scotter Mainprize | October 30, 2017

We answer your questions on protecting your networks from ransomware and other cyber-attacks.

A new strain of ransomware known as Bad Rabbit is lurking on the horizon. At the moment it is only attacking businesses in Russia, Ukraine, Turkey, and Germany, but it is only a matter of time before it reaches the UK.

Bad Rabbit works by tricking people into clicking on a fake Adobe Flash update which appears as a pop-up window on compromised news websites. The moment you click on it, the ransomware moves quickly to shut down your computer and infect the rest of your network. The criminals behind the attack will only release your data upon payment of a ransom in bitcoin (but there is no guarantee they will release it even if you pay the ransom).

How do I avoid being caught by the scam?

  • Always be extra-vigilant when invited to click on something (a pop-up box, an attachment, an email) when you do not fully trust the source.
  • If you are not sure whether a software update box or something similar is genuine or not, pause and read it carefully. The current Bad Rabbit pop-up box gives itself away by being riddled with spelling and grammatical errors.
  • Or look at another website that you know to be safe, such as the BBC. If you can play a video on that without needing to update Adobe Flash, you’ll know that the other pop-up box was a con.

Should I just avoid all Adobe Flash updates?

  • You could, but there is every chance that the cyber-criminals behind the attack will start using another delivery system.
  • They will try to make you click on a link by worrying you and making you think that you need to see whatever is on the other side of that link.
  • But nothing is so urgent that you have to click on it right then.
  • The best rule to follow is: if you don’t know exactly what you’re clicking on, do not click.

What do I do if I realise I have clicked on a ransomware delivery?

  • Don’t hang about: disconnect your computer from the network immediately.
  • And call your IT help desk or support company.

What should I do in general to keep my business safe from cyber-attacks?

  • Back up your system regularly, but don’t leave your backup permanently connected to the network. If it is connected, it runs the risk of being infected along with the rest of the system.
  • Delete all old VPN or virtual workstation connections – these connections are an easy way into the system for hackers, especially if the passwords are weak.
  • Strengthen all connections by using extra-strong passwords. The latest advice is to use three words that mean something to you but that are not connected in any obvious way – plus numbers or special characters for extra strength.

At First Line IT we now run an online training course to help employees understand the risk of cyber-crime and guard against attacks. Contact John Crozier for details.