Ransomware cyber attacks are “today’s biggest cyber-threat.” Why? Because study after study published
in news and technology media tell us so. Sure enough, headlines broke this week
about a new ransomware threat dubbed “Bad Rabbit.”
This latest campaign emerged in Europe –
Russia, Ukraine, Bulgaria, Turkey and Germany -- but quickly popped up in the
U.S., too. The Wall Street Journal
reported midweek that the Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT)
issued an alert reporting
“multiple reports” of infections.
Bad Rabbit masquerades as an update to
Adobe’s Flash multimedia player, authorities say, as notices to refresh Flash
are common on legitimate websites. Once downloaded, the malware encrypts
files on victims’ computers, rendering the machines useless until a bitcoin ransom is paid within a specific timeframe. In addition, Bad Rabbit
attempts to spread within the network of an infected company, which can cause
business operations to grind to a halt as one system after another is affected.
Tech news service ZDnet reported that Bad Rabbit shares similarities with
Wannacry and Petya, which swept across globe this summer, but so far is not as
widespread. Still, we believe our readers should be vigilant and careful.
What do we like about these particular five
methods? Each seeks to enhance the human element in cybersecurity, which
we believe is the most powerful technology tool our readers possess:
- Increase Cybersecurity Awareness and
Here are a few of the tips
users need to learn:
open email attachments from unknown senders or sources
enabling macros from any email attachments
click on web links embedded in unsolicited emails
pace with the latest social engineering “phishing lures” that use brand names
and other common language
- Implement a “White List”
Don’t just blacklist websites known to carry malicious programs. Develop a
“white list,” too. White lists point users to websites known to be secure. This
approach not only limits risk, but offers convenience to employees and perhaps
will boost productivity, too.
- Manage Permissions
Should every employee have the authority to download software applications
through company networks on company-owned and/or managed devices? Probably not.
Restricting permission levels can prevent malware like ransomware from running
or spreading quickly. Will some employees bristle at curbed privileges? No
doubt they will. But at least they may ask “Why?” which increases individual
cyber-savvy. See bullet #1.
- Deceive the Deceivers
There’s a new class of security technology emerging called “deception tools.”
These systems bait ransomware attackers with false data on decoy networks.
Malware goes to work encrypting bogus information, keeping it away from real
devices and data and giving cyber-monitors the chance to detect intrusions
before damage is done.
- Leave the Technical Aspects to the Experts
More and more IT Managed
Services Providers (MSPs) are specializing in cybersecurity. Not only can they install and implement
measures such as firewalls, they can monitor for intrusions and support recovery from incidents.