A new ransomware by the name of Bad Rabbit has begun spreading rapidly in European countries.
The countries already hit by the virus are Russia and Ukraine, where several entities including websites and media outlets have been affected.
So far, confirmed reports indicate that other affected entities include Russian media outlets Fontanka and Interfax, as well as Kiev Metro and Odessa Airport in Ukraine.
The next few days are likely to see an increase in the number of affected parties.
For some reason, Europe is always among the first regions affected by ransomware, and the cases of WannaCry and Petya are perfect examples that prove the point.
Once the ransomware infects machines in an organization, it locks all files and demands payment in the form of digital cash.
Based on how the developers have created the ransomware, the modus operandi will vary from time to time.
Not the First Ransomware Outbreak of 2017
The first ransomware to cause havoc this year was WannaCry. Once it infects a device, it locks all files and requests payment in Bitcoins to unlock your data.
Failure to facilitate the payment within a particular time frame will double the amount, and further non-compliance will result in permanent loss of files since the virus will delete everything in the machine.
The second ransomware is Petya, which works just like WannaCry but with more sophistication. It reboots the computer then locks everything up and demands payments through Bitcoin.
As it is, the exact damage that will be caused by the ransomware is yet to be known. But of course, time will tell.
Based on previous experiences, ransomware attacks of high magnitudes tend to affect operations in both government and private sectors in the same manner since activities are paralyzed to some extent.
In some instances, businesses have to temporarily shut down until a solution is reached by the IT team.
During previous ransomware attacks, major companies and government institutions had to shut down until the malicious program was put to a halt. Malware has infected the systems of hospitals, shipping companies, military facilities and factories, among others.
In many cases, ransomware outbreaks culminate in major financial losses for these entities, and some outbreaks even pose danger to human life.
A good example is when a Ukrainian nuclear facility was hit with the Petya ransomware earlier this year.
The computers had malfunctioned, and all systems had to be manually monitored until the spread of the malware was shut down completely.
Also in the Petya ransomware attack, airports in Ukraine had to be closed and airplanes diverted.
In the unlikely event of a disaster, a lot would be at stake.
Bad Rabbit Spreading
Multiple reports indicate that Bad Rabbit works similarly to the other ransomware attacks mentioned above. It locks the contents of computer systems and then demands $280 in Bitcoins to have the data unlocked.
Security researchers have found that the Bad Rabbit malware managed to infect computers by disguising itself as an Adobe Flash update.
Adobe Flash is notoriously vulnerable to cyber breaches; as such, its developers announced it will be discontinued in 2020.
Bad Rabbit utilizes the appearance of a Flash update to mimic the interface of an installer. From there, the ransomware works by entering a system and creating scheduled tasks to do its work.
Interestingly, analysts discovered that whoever is running the ransomware named these tasks after dragons in the popular HBO show ‘Game of Thrones.’
Following the revelations, experts have warned users not to make the ransom payments because doing so may result in a double scam, just like on previous occasions. A double scam is where victims pay the ransom only to lose their documents in addition to the payments they made.
Currently, multiple cybersecurity firms are monitoring the attack.
Among them is Russia-based Kaspersky, which was recently accused of hacking into United States intelligence systems.
Kaspersky executives denied the claims.
What are the Stakes?
The developers of the Bad Rabbit ransomware must be technologically inclined to create such a sophisticated program because this is where the buck lies.
The affected organizations depend on the content that is now encrypted to carry out their daily activities. Being unable to access it may lead to immense losses and, as such, the affected entities are in quite the bind.
So far, not all antivirus programs are able to detect the virus; some have been unable to do so. This is according to an analysis by the virus checking tool VirusTotal.
Technically speaking, cybersecurity firms tend to want to surpass each other in studying the ransomware because they are all in competition with one another.
For this reason, various versions of the reports are likely to be brought up by the leading companies that produce security programs including antivirus products.
And in the end, users will be required to upgrade to the latest version of their antivirus programs, which means spending more money. This translates to excellent business for cybersecurity companies.
Source of the Ransomware
At this point, it is not yet clear as to who is behind the attack. But with time, the orchestrators might claim responsibility.
If that does not happen, then we are most likely to see some blame games among various parties.
Finger-pointing has been very common in the past, especially after hacks of high magnitude, with some governments blaming others.
When WannaCry was spreading around Ukraine and Russia, the affected entities started accusing the U.S. intelligence community of losing control over their creation.
The virus was spread by utilizing a vulnerability in the file-sharing process of devices running on Windows OS.
Many companies and security experts inferred that the U.S. National Security Agency failed to safeguard their own secrets regarding known flaws in Windows systems.
As a result, they were the first to blame for letting the WannaCry attack commence.
Currently, there are tens if not hundreds of tools that have leaked in one way or the other from the U.S. intelligence agencies to third parties.
These hacking tools are the ones currently used by hackers across the globe to undertake cyber attacks of various forms from time to time.
Once a tool is leaked to third parties, it spreads in a matter of seconds to whoever may need to use it. Once they obtain the programs, they can use them for the same purpose as their developer.
Now that Bad Rabbit is spreading, companies and organizations that had not taken additional measures to stay safe in times of increased cyber threats are indeed on the losing end.
Measures that can be taken include backing up data and files on an external and secure server so that in the event your records are lost to the malware, they are easily retrievable.
The other measure which most entities ought to follow is to avoid clicking on links carelessly over email and on the internet. It is through this that malware will enter a system and infiltrate its target.
Last but not least, using an updated antivirus program is key, as it cautions the user of impending dangers whenever they are about to occur.
As much as some antivirus programs may not detect ransomware, users are advised to use the latest and most advanced programs since they cater for such threats.
And in the event of a breach, the company will make recommendations accordingly, since it has the skilled personnel and resources to investigate and come up with a solution in real time.