Game of Threats: The simple firewall trick to protect UAE businesses against GoT inspired Badrabbit
As 2017 goes down in history as the year ransomware attacks caused a record-breaking $5 billion in damage, One Identity Managing Director Andrew Clarke has shared a simple firewall trick to protect systems from the latest malware, the Game of Thrones-inspired Badrabbit.
The latest attack to hit systems, Badrabbit emerged on October 24 and has already reached more than 200 computers in Russia, Ukraine, Germany and Turkey. Although an attack has yet to be confirmed in the GCC, the international nature of the regional business community, and the nature of such attacks, places all vulnerable systems at risk.
Badrabbit exploits the user, not the computer: victims are asked to download an Adobe Flash update when visiting an infected website. When users click install, however, the malicious “install_flash_player.exe” file is installed on the computer.
As a result, Badrabbit has affected systems in several Russian banks, the country’s main independent newswire, Interfax, online newspaper Fontanka, plus card payment systems on the Kiev metro and passenger registration at Odessa Airport.
Clarke said: “Source code analysis of the Badrabbit virus shows there are many references to Game of Thrones, including such characters as Drogon, Rhaegal and Viserion. However, the real lesson here is that in Game of Thrones, the term ‘winter is coming’ is one of warning and constant vigilance. In the world today, a real-life Game of Threats continues and companies really do need to up their game in being more vigilant.
“The fact Badrabbit has hit so many organisations around the same time indicates the attackers likely had a foot in target victim networks prior to the attack. Despite industry warnings issued after the Petya, and not-Petya outbreaks earlier this year, this variant – which spreads laterally using SMB shares – could be blocked by denying the communication channel ports 137, 138, 139 and 445 on a firewall. However, organisations appear not to have followed this advice.”
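The port-blocking advice quoted above only helps if the deny rules are actually reached before a broader allow rule. The following is an added example, not code from One Identity or the article: a first-match rule checker run over two constructed rulesets (the `Rule` type and the `WEAK` and `FIXED` rulesets are assumptions) that reports which of ports 137, 138, 139 and 445 still pass. The article names ports only, so both TCP and UDP are checked.

```python
from dataclasses import dataclass

SMB_PORTS = (137, 138, 139, 445)  # ports named in the article
PROTOCOLS = ("tcp", "udp")        # article gives no protocol, so check both


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    ports: range  # destination ports (range stop is exclusive)


def decide(rules, proto, port, default="allow"):
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule.proto in (proto, "any") and port in rule.ports:
            return rule.action
    return default


def exposed_smb(rules, default="allow"):
    """Return the (proto, port) pairs from the article's list that still pass."""
    return [(proto, port)
            for port in SMB_PORTS
            for proto in PROTOCOLS
            if decide(rules, proto, port, default) == "allow"]


# Constructed ruleset: the deny rules exist but are shadowed or incomplete.
WEAK = [
    Rule("allow", "tcp", range(1, 1024)),  # broad allow is evaluated first
    Rule("deny", "tcp", range(445, 446)),  # never reached for TCP 445
    Rule("deny", "udp", range(137, 139)),  # stops at 138, misses UDP 139
]

# Constructed corrected ruleset: denies come first and cover all four ports.
FIXED = [
    Rule("deny", "any", range(137, 140)),
    Rule("deny", "any", range(445, 446)),
    Rule("allow", "tcp", range(1, 1024)),
]

if __name__ == "__main__":
    print("weak ruleset still passes: ", exposed_smb(WEAK))
    print("fixed ruleset still passes:", exposed_smb(FIXED))
```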
Once hit, an organisation’s data is encrypted and, for a fee of 0.05 bitcoin (approximately $280), the affected company has the chance to acquire the decryption keys, but only before the 41-hour deadline expires.
For the first time ever, in 2017 ransomware attacks have become a multi-billion dollar headache for firms, as the cost of damages and downtime nears $5 billion globally over the last 12 months, the majority of which was caused by Wannacry.
The losses associated with cyber and ransomware attacks in 2016 were estimated at $1 billion, a figure in itself 600% higher than in 2015, but still significantly lower than this year.
Badrabbit is the third major global attack of 2017, following Petya, which targeted vital infrastructure in the Ukraine and closed an Indian port terminal, and Wannacry, which alone caused $4 billion of damage to systems in 150 countries. It is thought Badrabbit was planned for more than a year before the attack launched.
Most attacks occur in legacy systems, which are outdated and vulnerable because the nature of the business doesn’t allow for downtime and essential security maintenance work. However, these systems have been repeatedly identified and targeted by hackers, with increasingly frequent efforts to compromise them over recent months.
Clarke added: “In the unfortunate eventuality of your company being targeted, our best practice advice is not to pay the ransom and ensure that data is backed up so systems can be recovered if impacted. Also ensure systems are patched and up-to-date as well as controlling administrative access across a network.”