Skip to content

Bad Rabbit and Me

This bunny will do more than leave a mess on your floor.

Lead writer: Shareen Song, Responsible Cyber

Contributor: Magda Chelly, and Wen Sin Lim, Responsible Cyber

Figure 1: A cute rabbit 

On Tuesday, October 24th, 2017, Bad Rabbit made its debut, paralyzing several organizations in Russia and Ukraine, with reported cases in Turkey, Germany, Bulgaria, and Japan.

Perhaps inspired by Halloween, Bad Rabbit, disguised as a then ubiquitous Adobe Flash installer, found insecure websites where it was able to burrow undetected in wait for its prey. When a visitor arrived on the website, Bad Rabbit made its appearance as an Adobe Flash installer offering a free update. Where the visitor was tricked into clicking, Bad Rabbit gets its opportunity to encrypt files, lock the computer and issue a ransom note demanding US$280 to be paid in Bitcoin within 40 hours. From accounts gleaned from the internet, Bad Rabbit has been good to its promise of setting free its captives once the required ransom was paid.

What is Bad Rabbit?

Bad Rabbit is just one of many ransomware strains (a type of malware) lurking on the worldwide web today. Ransomware is defined as a malicious software designed to block access to information or a computer system until a sum of money is paid. Where victims of ransomware used to be hapless individuals who didn’t know any better how to protect themselves (and had to pay an affordable sum to regain access to their computers and files), authors of ransomware are now looking to ensnare corporate victims for a lot more money.

Fast forward to year 2021 where covid has accelerated the world’s reliance on the internet for everything basic to business, holding files and computers hostage is no longer worth just US$280 (which still buys plenty of carrots but not much else). ‘Threat actors’ (as the fiendish folks behind cybercrime are referred to) have now honed their craft to penetrate the defense put up the cybersecurity teams of large corporations. According to the “X-Force Threat Intelligence” report, ransomware is the number one threat in 2021, comprising 23% of cyberattacks. Here are just a handful of notable ransomware attacks that have surfaced in 2021 and their asking ransoms:

Historical Ransom

Many more are unreported in addition to every ransomware attack that makes it to the news or is eventually included in a victim count. Companies may choose to stay silent as they don’t want their clients and investors to know the cyber attack full and think that the company is in trouble. Individuals may want to put the matter behind them without spending more effort to report the incident.

What has ransomware got to do with me?

If you are still not convinced that you are a likely ransomware target, this might change your mind: “Ransomware as a Service” (RaaS).

RaaS is a subscription-based model that enables criminals to use already-developed ransomware tools to execute attacks. Capturing and holding data or computers for ransom is no longer the domain of cyber geniuses gone rogue; less tech-savvy real-world criminals can now quickly pivot their unsavory deeds to the cyberworld.

Readily available on the dark web, RaaS is super affordable too (compared to the cost of launching any kind of heist in the real world). Anyone wanting to debut a ransomware attack can select from a variety of offerings with plans ranging from one-time payment to a monthly subscription. There are even commission-based plans if one doesn’t have the cash to commit upfront: ‘affiliates’ or customers can choose to split the looty received after a successful attack with the RaaS provider.

Some of the bad boys of RaaS:

  • · Netwalker (noted for being the most profitable ransomware kit)
  • · Frozr Locker (considered pricey at US$1262 as a one-time cost)
  • · RaaSberry (starts from US$60)
  • · Stampedo (starts from US$39)
  • · Satan (FREE! Affiliates pay 30% of their ill-gotten proceeds to Satan)

Like any legitimate ‘as-a-Service’ provider, RaaS distributors provide customer support services including onboarding documentation with a step-by-step guide for launching ransomware attacks (think ‘Ransomware for Dummies’) and sometimes even a dashboard solution to monitor the status of each attack.

With user-friendly ransomware readily available and accessible, and borderless attack opportunities (which transcend immigration controls and covid restrictions), this genre of cybercrime offers a healthy ROI for criminals pivoting from traditional crimes, or indeed anyone looking to make an easy living from crime.

I would assume that if one signs up with Satan, all you need is a computer with internet connection… and a bag of chips whilst you wait for a bite.

The home run is the widely known fact that very, very few cybercriminals are ever caught and prosecuted for their violations; there are just too many cybersecurity incidents and way too little law enforcement resources not helped by the complexity of jurisdictional boundaries. According to Third Way (a Washington DC based public policy think tank), only an approximate 0.3% of all reported cybercrimes are enforced and prosecuted.

You had me at RaaS… how can I protect against ransomware?

1. Always make offline backups — have both local/offline and cloud backups of data files and servers to ensure that critical data can be restored in case of a ransomware attack.

2. Don’t open suspicious attachments, even if they are emailed from people you know — attachments might be infected with malware, and attackers are able to steal credentials and send you emails that look like they originate from someone in your contact list.

3. Always keep your programs and operating systems updated, install patches promptly — cybercriminals are always on the lookout for common vulnerabilities, and weaknesses. Those exist all the time. Furthermore, if you do not have an update available, you need to look out for zero-days and find compensating controls until you can update. Zero-day is a vulnerability for which a patch has not been developed to mitigate it.

4. Enable two factor authentication (2FA) where possible — figures suggest 2FA block about 99.9% of automated attacks. 2FA requires two separate and distinct forms of identification before access is granted; eg. a password AND a code which is sent to the user’s handphone, for example.

5. Ensure that you, your team, colleagues, family and friends attend comprehensive social engineering training — according to a press release issued on 9Jan2020 by Deloitte, 91% of all cyberattacks begin with a phishing email to an unexpected victim; social engineering training will help individuals spot danger signs and be vigilant against cyberattacks.

6. Install antivirus and antimalware programs to prevent, detect and remove viruses and malware from computers and IT systems.

7. Speak to CyberDan to discuss solutions,

Say hi 💜to Our official Responsible Cyber mascot!

As a full-time cybersecurity consultant with us and a recreational pilot in his spare time, you can probably guess that CyberDan is a subject matter expert on safety and security 24/7. His state-of-the-art headphones is multifunctional, serving to block out ambient noise when he flies and to be at the ready to hear you out on your security concerns anywhere, anytime.

Figure 2: CyberDan 

CyberDan always has your back. Stay steps ahead of the cybercriminals. No guesswork involved. Simply schedule a consultation with him today.

#infosec #cybersecurity #cyberimmunity #responsiblecyber #mascot

#HolotechStudios #animaze #collaboration #cyberawareness