Security Central: Bad Rabbit’s Tricks Are Not For Kids

  • Written by Allison Francis
  • November 3, 2017
This week’s Security Central takes a peek inside the new wave of ransomware called "Bad Rabbit" that is spreading across eastern Europe. The unknown hackers behind the attack are locking up victims' data and demanding ransoms to be paid in bitcoin.

 

First of all, happy November everyone! Hard to believe that we’re nearly done with 2017 – the “year of ransomware” as some are depressingly calling it. Last Tuesday, a new ransomware bug dubbed ‘Bad Rabbit’ hippity hopped across Russia, Ukraine, Turkey, Germany, Bulgaria, the United States, and Japan. It’s your average, good ol’ file cryptor that will make a user’s personal files unreadable and will force them to pay a ransom for decrypting them. Good stuff.

The ransomware is the third major spread of malware this year (seriously, 2017… yeesh). It follows in the footsteps of the destructive WannaCry and NotPetya strains of malicious code. Here’s what we know about this wasically wabbit so far:

  • Uses pieces of code from NotPetya/ExPetr
  • Distributed as a fake Flash update requiring manual installation by a user
  • Uses a system driver for encryption
  • Tries to distribute itself via the local network in a primitive way
  • Replaces the MBR and makes the PC unusable
  • Crashed on Windows 10
  • Mainly affected Windows corporate users

* Source: ITProPortal

A bit more in-depth, there appeared to be two primary observed ways of Bad Rabbit infection: drive-by download and SMB + stolen credentials. For the drive-by method, JavaScript was injected into the HTML or .js files of popular websites. When a user visits the site, the server loads content into the page and displays a popup that instructs users to download a Flash Player update. If the unsuspecting user clicks ‘Install’, an executable file is downloaded on their computer, launching the ransomware and holding their computer hostage.

SMB + stolen credentials means that the ransomware’s executable file scans networks for open SMB shares. Then Mimikatz, a publicly available tool for Windows that can be used to steal passwords extracted from memory, is launched on the compromised computer. The malware also uses a list of hardcoded credentials to authenticate to the host. Once working credentials are found, the ransomware file is dropped into the Windows directory and executed through the Service Control Manager.
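The SMB spreading pattern described above leaves a recognizable trail on the target host: a burst of failed network logons, a success from the same source, then a new service. The following detection sketch is an added example, not part of the original article; the event tuples, host names, addresses and service names are constructed, and only the Windows event IDs (4625, 4624, 7045) are real.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, host, event_id, fields). Simplified, not real logs.
# 4625 = failed logon, 4624 = successful logon (type 3 = network), 7045 = service installed.
EVENTS = [
    ("2017-11-01T10:00:01", "FS01", 4625, {"src": "192.0.2.23", "user": "admin", "type": 3}),
    ("2017-11-01T10:00:02", "FS01", 4625, {"src": "192.0.2.23", "user": "guest", "type": 3}),
    ("2017-11-01T10:00:03", "FS01", 4625, {"src": "192.0.2.23", "user": "backup", "type": 3}),
    ("2017-11-01T10:00:05", "FS01", 4624, {"src": "192.0.2.23", "user": "support", "type": 3}),
    ("2017-11-01T10:00:07", "FS01", 7045, {"service": "example-svc"}),
    # A user mistyping a password once, then an ordinary service install: not suspicious.
    ("2017-11-01T10:01:00", "FS02", 4625, {"src": "192.0.2.50", "user": "alice", "type": 3}),
    ("2017-11-01T10:01:10", "FS02", 4624, {"src": "192.0.2.50", "user": "alice", "type": 3}),
    ("2017-11-01T10:02:00", "FS02", 7045, {"service": "printer-driver"}),
    ("2017-11-01T10:03:00", "FS03", 4624, {"src": "192.0.2.60", "user": "bob", "type": 3}),
]

def find_smb_spread(events, min_failures=3, window=timedelta(minutes=5)):
    """Flag hosts where credential guessing over the network is followed by a
    successful logon from the same source and then a new service install."""
    failures = defaultdict(list)   # (host, source) -> times of failed network logons
    armed = {}                     # host -> (source, time of the suspicious success)
    alerts = []
    for ts, host, event_id, fields in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if event_id == 4625 and fields.get("type") == 3:
            failures[(host, fields["src"])].append(when)
        elif event_id == 4624 and fields.get("type") == 3:
            recent = [f for f in failures[(host, fields["src"])] if when - f <= window]
            if len(recent) >= min_failures:
                armed[host] = (fields["src"], when)
        elif event_id == 7045 and host in armed:
            # 7045 carries no source address, so correlate by host and time.
            src, logon_time = armed.pop(host)
            if when - logon_time <= window:
                alerts.append((host, src, fields["service"]))
    return alerts

if __name__ == "__main__":
    for host, src, service in find_smb_spread(EVENTS):
        print(f"ALERT {host}: credential guessing from {src}, then new service {service!r}")
```

The failure threshold and time window are tuning assumptions; set them too low and routine password typos followed by legitimate installs will alert as well.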

“The Bad Rabbit ransomware attack masking itself as a seemingly harmless Adobe Flash update is a classic case of suspicious content employees can fall victim to,” a spokesperson with cloud business applications provider Intermedia told Channel Futures. “Think of how many times you come across a software update on your computer, or a pop-up in a browser, and just click ‘yes’ without hesitation – that’s what hackers look for when designing these types of viruses, especially when targeting corporate networks.”

Ransomware is bad enough when it gets inside the networks of corporations that have the financial resources to throw personnel and after-the-fact emergency security protocol at it. But for SMBs that may not have the resources, tools or training that larger organizations use to recognize, prevent and protect against such attacks, it can mean the end is nigh. The experts Channel Futures speaks to tell us time and again that it just takes one: one slip that gives one hacker access to one terminal, then it’s game over. So what happens if a ransomware attack hits a business that can’t, but somehow must, afford to pay?

Looking back over the year, 2017 is littered with attacks of every kind, ranging in severity but hitting hard no matter the case or type. The big guys that reared their ugly heads this year, namely WannaCry and Petya, made it painfully clear just how much of a problem ransomware has become. The introduction of Bad Rabbit shows it even further – that malware writers are still out there, alive and well, working on new versions. What’s more, people are still falling for it, as though it’s the first time they’ve ever heard of such a thing. Like children, they’re astonished every time carelessness carries consequences.

So yes, 2017 has been a doozy. But quite frankly, the worst is probably yet to come. There are zillions of theories on what moves attackers may come up with next, but the overarching theme is clear – our defenses are not keeping pace with the sophistication of cyberattacks. Like, at all.

As solution providers, you know all of the elements that go into creating a solid line of defense against hackers. You need firewalls, threat intelligence, quarantines, password and file encryption, backup and recovery, and dozens of other specific pieces that together form a comprehensive solution.

But the real problem these continued ransomware attacks highlight isn’t that organizations lack some critical piece of technology that, if implemented, would magick away all their cybersecurity troubles. The problem is that people are still clicking on that damn Install button, or weird link in an email, or what have you. Until people learn how to ‘adult’ online, hackers are going to keep gleefully gaining entry to networks and wreaking mischief with your clients’ information.

At the end of the day, with all their deep technical skills, vertical expertise, and hard-earned wisdom, will MSSPs’ biggest value-add be playing babysitter?
