Bad Rabbit – New Ransomware Virus

Organizations in Russia, Ukraine and, a few hours later, the U.S. are under siege from Bad Rabbit, a new strain of ransomware with similarities to NotPetya.
The outbreak started Tuesday, froze computer systems in several European countries, and then began spreading to the U.S., the latest in a series of such attacks.
The Department of Homeland Security’s Computer Emergency Readiness Team issued an alert saying it had received “multiple reports” of infections.

Russia’s Interfax news agency reported on Twitter that the outbreak shut down some of its servers, forcing Interfax to rely on its Facebook account to deliver news.

Bad Rabbit Starts With Social Engineering

The outbreak appears to have started via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files. You have just 40 hours to pay.

Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.
Based on analysis by ESET, Emsisoft, and Fox-IT, Bad Rabbit uses Mimikatz to extract credentials from the local computer’s memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.

The hard-coded credentials are hidden inside the code and include predictable usernames such as root, guest and administrator, and passwords straight out of a worst-passwords list. (Note To Self: all user passwords need to be strong; step all employees through a strong-password training module ASAP.)
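The spreading behaviour described above (one infected host trying a short list of predictable usernames against every neighbour it can reach over SMB) leaves a recognisable trace in Windows Security logs: a burst of network logon attempts from a single workstation, across several targets, using exactly those names. The following script is an added detection example, not code from the article or from any of the vendors it cites. The event records are constructed for the demonstration; the field layout loosely follows Windows event 4625 (failed logon) and 4624 (successful logon) with logon type 3 (network), and the threshold values are assumptions to tune for your own network.

```python
"""
Added example: flag a credential spray over SMB from Windows logon events.
All sample events below are constructed; no real hosts or accounts.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Names the article says are hard-coded in Bad Rabbit, plus a few common ones.
PREDICTABLE_USERS = {"root", "guest", "administrator", "admin", "user", "test"}

# Constructed sample: (time, event id, source workstation, target host, account, logon type)
SAMPLE_EVENTS = [
    ("2017-10-24T10:00:01", 4625, "WS-PATIENT0", "FS01",     "administrator", 3),
    ("2017-10-24T10:00:02", 4625, "WS-PATIENT0", "FS01",     "root",          3),
    ("2017-10-24T10:00:02", 4625, "WS-PATIENT0", "FS01",     "guest",         3),
    ("2017-10-24T10:00:05", 4625, "WS-PATIENT0", "FS02",     "administrator", 3),
    ("2017-10-24T10:00:06", 4625, "WS-PATIENT0", "FS02",     "admin",         3),
    ("2017-10-24T10:00:09", 4625, "WS-PATIENT0", "WS-ACCT3", "administrator", 3),
    ("2017-10-24T10:00:11", 4624, "WS-PATIENT0", "DC01",     "administrator", 3),  # a guess that worked
    ("2017-10-24T10:00:12", 4625, "WS-PATIENT0", "DC01",     "root",          3),
    # Benign background noise: a mistyped password and an interactive logon.
    ("2017-10-24T10:00:30", 4625, "WS-HR12",     "FS01",     "alice",         3),
    ("2017-10-24T10:01:00", 4624, "WS-HR12",     "WS-HR12",  "alice",         2),
    # One predictable name against one host, hours later: below threshold.
    ("2017-10-24T14:00:00", 4625, "WS-HR12",     "FS02",     "administrator", 3),
]


def parse_event(row):
    """Turn one constructed tuple into a dict with a real datetime."""
    ts, event_id, src, dst, user, logon_type = row
    return {"time": datetime.fromisoformat(ts), "event_id": event_id, "src": src,
            "dst": dst, "user": user.lower(), "logon_type": logon_type}


def detect_credential_spray(rows, window=timedelta(minutes=5), min_targets=3, min_users=2):
    """Return {source_host: summary} for every source whose network logon attempts
    (type 3, success or failure) with predictable usernames touch at least
    `min_targets` distinct hosts using at least `min_users` distinct names
    inside one sliding time window. One alert per source host."""
    by_src = defaultdict(list)
    for ev in map(parse_event, rows):
        if (ev["logon_type"] == 3 and ev["event_id"] in (4624, 4625)
                and ev["user"] in PREDICTABLE_USERS):
            by_src[ev["src"]].append(ev)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e["time"] - first["time"] <= window]
            targets = {e["dst"] for e in in_window}
            users = {e["user"] for e in in_window}
            if len(targets) >= min_targets and len(users) >= min_users:
                alerts[src] = {
                    "targets": targets,
                    "users": users,
                    # Successful guesses are the hosts to isolate first.
                    "successes": {(e["dst"], e["user"]) for e in in_window
                                  if e["event_id"] == 4624},
                }
                break
    return alerts


if __name__ == "__main__":
    for host, info in detect_credential_spray(SAMPLE_EVENTS).items():
        print(f"{host}: sprayed {sorted(info['users'])} at {sorted(info['targets'])}; "
              f"succeeded on {sorted(info['successes'])}")
```

The "successes" set is the part worth acting on: a 4624 network logon for a built-in account name from a workstation that has just failed against three other hosts is the moment to pull that workstation off the network, before the next hop.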

As for Bad Rabbit, the ransomware is a so-called disk coder, similar to Petya and NotPetya. Bad Rabbit first encrypts files on the user’s computer and then replaces the MBR (Master Boot Record).

Ouch, that basically bricks the workstation. 

Courtesy of KnowBe4
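Because a disk coder overwrites the Master Boot Record, the first sector of the boot disk is one of the cheapest things to baseline and re-check. The script below is an added example, not from the article or KnowBe4: it parses a 512-byte MBR (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), records a hash of the boot code and the partition layout as a baseline, and reports whether a later read still matches. The sample sector is constructed in code; on a real machine you would read the first 512 bytes of the boot disk with administrator rights (for example `\\.\PhysicalDrive0` on Windows) and keep the baseline somewhere the workstation cannot rewrite.

```python
"""
Added example: baseline and re-check the Master Boot Record layout.
The MBR bytes here are constructed, not read from any real disk.
"""
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot code
SIGNATURE = b"\x55\xaa"      # bytes 510..511


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: the given boot code padded to 446 bytes, one
    bootable NTFS-type partition entry, three empty entries and the signature."""
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    entry = (bytes([0x80]) + b"\x00" * 3           # status 0x80 = bootable; CHS fields unused here
             + bytes([0x07]) + b"\x00" * 3         # partition type 0x07 (NTFS/exFAT)
             + (2048).to_bytes(4, "little")        # first LBA
             + (1_000_000).to_bytes(4, "little"))  # sector count
    return code + entry + b"\x00" * 48 + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate the sector and extract a hash of the boot code plus the
    non-empty partition entries. Raises ValueError if it is not an MBR."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != SIGNATURE:
        raise ValueError("wrong size or missing 0x55AA signature")
    partitions = []
    for i in range(4):
        e = sector[BOOT_CODE_LEN + 16 * i: BOOT_CODE_LEN + 16 * (i + 1)]
        if e[4] == 0:            # type 0 = unused entry
            continue
        partitions.append({
            "bootable": e[0] == 0x80,
            "type": e[4],
            "start_lba": int.from_bytes(e[8:12], "little"),
            "sectors": int.from_bytes(e[12:16], "little"),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_against_baseline(sector: bytes, baseline: dict) -> list:
    """Compare a freshly read sector with a stored baseline.
    Returns a list of findings; an empty list means no change."""
    try:
        current = parse_mbr(sector)
    except ValueError as exc:
        # A disk coder that wipes the sector, or a read error, lands here.
        return [f"invalid MBR: {exc}"]
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


if __name__ == "__main__":
    known_good = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")   # constructed stand-in for the OS loader
    baseline = parse_mbr(known_good)
    print("unchanged:", check_against_baseline(known_good, baseline))
    replaced = build_sample_mbr(b"\xeb\xfe replacement loader")
    print("replaced boot code:", check_against_baseline(replaced, baseline))
```

Keeping the partition table separate from the boot-code hash matters: a legitimate OS update can change neither, a disk-management tool changes only the table, and a boot-sector replacement changes only the code, so the two findings tell you which kind of event you are looking at.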

Contact us today to review your passwords and to ensure your systems are secure.

Equifax Hack

Equifax, the credit reporting giant, announced Thursday that they were hacked sometime between mid-May and July of this year. The breach exposed the information of an ‘unknown’ number of people living in Canada and the UK. They have yet to reveal how many Canadians had their personal information stolen over the spring and summer.
Hackers were able to get names, SINs, birth dates, addresses, credit card information and some driver’s licence numbers. That is enough information to fill out a mortgage application or get a credit card, for example.
Equifax said it will send direct mail notices to consumers who were impacted. They have also established a website where people can check whether their personal information was stolen.
If you find your information has been compromised, there are a few things you can do to protect yourself from identity theft:

  • Monitor your Equifax score
  • Watch your credit inquiries (any time a potential lender, e.g. a credit card company, checks your credit)
  • Freeze your credit reports (this restricts access to your credit report)
  • If your SIN was stolen, file a police report
  • Check your credit card statements
  • Alert your banks and strengthen your passwords

Although they haven’t released the number of Canadians affected, they did state that nearly 143 million people were affected in the US.

Here is a fresh-from-the-press Current Events template (courtesy of KnowBe4) to safeguard against the inevitable Equifax-themed phishing campaigns by the bad guys:

WannaCry Ransomware – How to protect yourself

On May 12, 2017, a new strain of the Ransom.CryptXXX (WannaCry) family of ransomware began spreading widely, impacting a large number of organizations, particularly in Europe.

You should be extremely suspicious of all e-mails you receive, particularly those that ask the recipient to open attached documents or click on Web links.

If you have seen nonstandard activity and believe you may be at risk, please contact us.

In light of these recent attacks, we now recommend a policy that installs all critical and security updates automatically on all workstations, and that we create a policy on your servers to enforce this immediately. We are also recommending that we remove administrator rights on all workstations going forward, to introduce one more hurdle so that spyware and malware cannot run on users’ computers.

In the meantime, a few things you can do to mitigate your exposure and risk:

  • Make sure your operating system’s security patches are current. If you are on Windows 10, these security patches are downloaded and installed automatically by default. If you are on an older version of Windows, you may have changed the default to something less than fully automatic; check that automatic updates are still turned on.
  • Make sure you have a current antivirus / internet security / total security package that is working. That means it is getting the security signatures from the software supplier, whether it is Microsoft, Kaspersky, Norton/Symantec, AVG, Panda, TrendMicro, Eset, CheckPoint, Avira (to name a few) or any other package you have installed.
  • Do backups of your data / Do backups of your data / Do backups of your data… we cannot repeat this enough. There are both free and paid-for backup packages. Use whichever you prefer, but do regular backups. An integral part of the backup process is testing your backup. The backup is useless if you have done a weekly backup for years and then, the one time you need it, it doesn’t work.
  • Make a system image every few months. A system image is a snapshot of absolutely everything on your hard drive at a moment in time. Backups are of data only. Images include the operating system, all your software and all your data. In the event of a critical failure, the normal restore procedure is to restore the latest image, which might be a month or more old, and then restore the data from the last backup. This procedure keeps the losses to a minimum.
Don’t wait for a disaster. Put the steps in place now to protect yourself. For a business that means minimizing business interruptions. For home users it means not losing precious photos that you have had for many years. Be prepared.
We can assist you in setting up your security software, configuring backups and creating a system image.
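The list above insists that a backup must be tested, and the way to test one is to restore it somewhere scratch and compare every file against what was backed up. The script below is an added example, not from the article: it records a manifest of SHA-256 hashes when the backup is made, then verifies the archive by restoring it into a temporary directory and reporting files that are missing, altered or unexpected. The sample source tree and the "broken backup job" it simulates are constructed inside the script, so it runs offline; the file names and paths are made up for the demonstration.

```python
"""
Added example: make a backup with a hash manifest, then test-restore it.
The source files and the simulated backup failure are constructed here.
"""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def manifest_path(archive: Path) -> Path:
    return archive.parent / (archive.name + ".manifest.json")


def make_backup(source: Path, archive: Path) -> dict:
    """Write a gzipped tar of `source` plus a manifest of what it should contain."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname="data")
    manifest_path(archive).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(archive: Path) -> dict:
    """Test-restore into a scratch directory and compare against the manifest."""
    expected = json.loads(manifest_path(archive).read_text())
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")   # safe extraction on Python 3.12+
            except TypeError:                            # older Python: no filter argument
                tar.extractall(scratch)
        restored = build_manifest(Path(scratch) / "data")
    missing = sorted(set(expected) - set(restored))
    corrupted = sorted(p for p in expected if p in restored and restored[p] != expected[p])
    extra = sorted(set(restored) - set(expected))
    return {"ok": not (missing or corrupted or extra),
            "missing": missing, "corrupted": corrupted, "extra": extra}


def demo():
    """Back up a constructed tree, verify it, then simulate a backup job that
    silently dropped one file and truncated another, and verify again."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "source"
        (src / "docs").mkdir(parents=True)
        (src / "photos").mkdir()
        (src / "docs" / "notes.txt").write_text("quarterly figures\n")
        (src / "photos" / "img1.bin").write_bytes(bytes(range(256)) * 8)
        archive = work / "backup.tar.gz"
        make_backup(src, archive)
        good = verify_backup(archive)

        # Faulty job: rewrite the archive from a damaged tree, manifest unchanged.
        (src / "docs" / "notes.txt").unlink()
        (src / "photos" / "img1.bin").write_bytes(b"\x00" * 100)
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(src, arcname="data")
        bad = verify_backup(archive)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("healthy backup:", good)
    print("faulty backup: ", bad)
```

The same verify step works for a system image if you store the manifest alongside it: the point is that the check happens on every run, not once a year when the disk has already failed.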

www.infotechmontreal.com