In the third large-scale ransomware attack this year, a new virus called Bad Rabbit is seizing and encrypting data on computers. Suspected to be authored by the same hackers who orchestrated the WannaCry and NotPetya attacks, this new virus appears not via email but from a familiar sight – the Adobe Update Installer.
People are more educated about security after such large-scale coverage of ransomware attacks, and the criticism garnered by the NHS and other organisations for failing to secure their systems means organisations are themselves more prepared for attacks. That is perhaps why this new threat comes in a new form – perhaps the message has finally got through that unfamiliar links in emails might be suspicious, but a pop-up on a website is a familiar sight, and one many people would click on without thinking if they believed it to be from a reputable provider like Adobe.
This latest threat hijacks insecure websites; visitors wouldn’t be aware of the threat and would only be infected if they clicked on the link in the malware pop-up. The threat may have a different appearance, but the result is the same – victims will receive a demand for $280 in Bitcoin within 40 hours. Even if the ransom is paid, there is no guarantee that the data will be returned.
As yet, there haven’t been any recorded incidents in the UK, but as the evolution of the attacks shows, the hackers aren’t giving up any time soon. Early analysis suggests that this is another instance of malware which exploits a flaw within Windows – although a different aspect than in previous attacks, because that has since been patched. This shows the determination of hackers, and that’s why staff training – coupled with regular updates on live threats – can make a huge difference. In addition, you need to look at your security protocols, and your business continuity plans in case hackers get hold of your data despite your many precautions.
Give us a call if you are concerned about your IT security and business continuity and want to take action before the hackers do.