Bad Rabbit Pretending To Be Something You’re Not

Well, here we go again with a ransomware hack spreading worldwide. While the names of the hacks are nothing short of juvenile creativity, the havoc they wreak is not. And this Bad Rabbit is laying siege as a new strain of ransomware similar to NotPetya.

I received the news immediately from KnowBe4, which reported that it appears Bad Rabbit was introduced via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. It started last Tuesday, October 30, freezing computer systems in several European countries. It then began spreading to the U.S.

According to KnowBe4, “Department of Homeland Security’s Computer Emergency Readiness Team issued an alert saying it had received ‘multiple reports’ of infections.” In addition, Russia’s Interfax news agency tweeted that the outbreak had shut down some of its servers, forcing it to rely on its Facebook account to deliver news.

The ransomware demands a payment of 0.05 Bitcoin, or about $275, from its victims. If you are a victim, though, you may or may not be given access to your files even if you do pay. So far it isn’t clear whether the attackers are releasing files. Victims are also given just 40 hours to pay.

Employees are typically the weakest link in a company. They often have easy-to-hack passwords and fall for phishing and social engineering attacks. You can initiate processes that enforce changing passwords frequently and encourage stronger passwords.

With a continuous onslaught of attacks and the rapidly approaching GDPR deadline, cyber security must be the number one priority of any company that does business internationally, whether small, medium or large. If your business is not yet compliant with the GDPR, call our offices for a free consultation.

Director of VORAS Consulting, Paulius Petretis On Growing Dangers in The Cyber World.

Paulius Petretis, a leading cyber security expert, gives real-world examples of how the nefarious crimes being committed in the cyber world are being exacerbated by events in the regular world.

Vilnius, Lithuania – December 02, 2017 – Paulius Petretis, CEO of VORAS Consulting, posted a new article on the company website entitled “In The Cyber World Dangers Lurk In Every Nook And Cranny.” Mr. Petretis reveals that cover-ups as well as digital devices that are lost and stolen contribute to a majority of the chaos.

Petretis writes, “It’s already been clearly established how difficult it is to keep all of the information floating around in the cyber world safe.” He adds, “In this world everything moves in nanoseconds and is consequently really hard to keep up with.”

According to Petretis, “This is something most regular people don’t think about too frequently. That however is beginning to change as more and more news headlines focus on data security breaches that are no longer just in the corporate domain, but that are now having repercussions in the general population.”

“Ransom attacks have been perpetrated on companies large and small as well as individuals,” says Petretis. He elaborates, “Recently, the rideshare company Uber revealed they had covered up a ransom attack back in 2016. According to a Forbes article, ‘In 2016, two hackers gained Uber AWS credentials through GitHub. The hackers then went to AWS and downloaded 57 million user accounts, including driver’s license numbers for 600,000 Uber drivers.’”

(https://www.forbes.com/sites/moorinsights/2017/12/08/ubergate-post-mortem-will-we-ever-learn/#2df2c89b62b1)

Petretis adds some other statistics from idtheftcenter.org, stating that “one laptop is stolen every 53 seconds, over 70 million cell phones are lost each year. Public Wi-Fi is a risk as information can easily be accessed on these open networks without a user’s knowledge or permission.”

“It’s wild in the cyber world,” Petretis writes, adding, “It’s dangerous. And while there is no bloodshed or physical brutality going on like we are accustomed to seeing in battles between good and evil, there is untold damage. The effects can wipe out companies or individuals in the blink of an eye.”

The entire article can be read at http://pauliuspetretis.freeua.agency/in-the-cyber-world-dangers-lurk-in-every-nook-and-cranny/

Paulius Petretis

Paulius Petretis is an information security expert, Certified Information Systems Security Professional (CISSP®), Certified Information Security Manager (CISM®), Certified Information System Auditor (CISA®), Certified in the Governance of Enterprise IT (CGEIT®) and Certified in Risk and Information Systems Control (CRISC®), guest speaker at various conferences and seminars, and trainer at information security related training courses.

According to the annual survey initiated by Info Security Europe, a whopping 93% of large organizations and 76% of small businesses had at least a single information security breach in 2011. Only 18% of the organizations affected by the infringements related to data protection laws had a consistent and effective contingency plan in place. According to Paulius, information is not something static – it evolves and mutates every day. It is the ecosystem of every business and if a single cell fails, it can bring down the entire business.

Therefore, ensuring a consistent and up-to-date information protection policy must be the priority for all businesses – no matter how big or small they are. As it might be unrealistic to believe that any young or experienced entrepreneur can be a jack of all trades, the really smart decision is to rely on specialists who dedicate their professional lives to getting to know everything there is to know about protecting important business information.

With more than 16 years of experience in helping people, small businesses, and government organizations to protect their business secrets, Paulius believes that information security must help businesses achieve goals but not vice versa.

 


In The Cyber World Dangers Lurk In Every Nook And Cranny

It’s already been clearly established how difficult it is to keep all of the information floating around in the cyber world safe. In this world everything moves in nanoseconds and is consequently really hard to keep up with.

This is something most regular people don’t think about too frequently. That however is beginning to change as more and more news headlines focus on data security breaches that are no longer just in the corporate domain, but that are now having repercussions in the general population.

Unreported Breaches Coming To Light

Ransom attacks have been perpetrated on companies large and small as well as individuals. Recently, Uber revealed they had covered up a ransom attack back in 2016. According to a Forbes article, “In 2016, two hackers gained Uber AWS credentials through GitHub. The hackers then went to AWS and downloaded 57 million user accounts, including driver’s license numbers for 600,000 Uber drivers.”

(https://www.forbes.com/sites/moorinsights/2017/12/08/ubergate-post-mortem-will-we-ever-learn/#2df2c89b62b1)

This event went unpublicized, so all of those drivers were unaware that their information had been compromised. Here’s how it escaped notice: Uber simply covered it up. Here’s how Forbes explains it: “After downloading this goldmine of data, the hackers contacted Uber to discuss ransom terms. The final settlement? Uber would pay the hackers $100,000, under two conditions: first, they had to destroy the stolen data (and ‘double promise’ they did this).” (https://www.forbes.com/sites/moorinsights/2017/12/08/ubergate-post-mortem-will-we-ever-learn/#2df2c89b62b1)

If you believe this, I’ve got a bridge I’d like to sell you!

The second condition of the payoff was that the criminals “couldn’t tell anybody.” Forbes writes, “Cyber hands were shaken, payment was made, and everybody went on their merry way.”

So, how many unreported breaches are there? How often is information being compromised that no one, not even the authorities, knows about? We don’t know.

Lost And Stolen Devices

Add to that these statistics:

  • One laptop is stolen every 53 seconds.

  • Over 70 million cell phones are lost each year.

  • Public Wi-Fi is a risk as information can easily be accessed on these open networks without a user’s knowledge or permission.

The idtheftcenter.org also states that, “Nearly 41% of all data breach events from 2005 through 2015 were caused by lost devices such as laptops, tablets and smartphones.” When these devices are company-issued, they very often hold proprietary information. Most companies do not have policies in place for when devices are lost or stolen.

It’s wild in the cyber world. It’s dangerous. And while there is no bloodshed or physical brutality going on like we are accustomed to seeing in battles between good and evil, there is untold damage. The effects can wipe out companies or individuals in the blink of an eye.

The General Data Protection Regulation (GDPR)

Clearly, if the European Union’s General Data Protection Regulation (GDPR) had been in effect when the Uber cover-up came to light, the company would be paying very heavy fines for its lack of security. Let this serve as yet another reminder that in just a few months the GDPR will be law. If you have not yet brought your business into compliance, there is no time like the present moment. If you are a business owner, call our offices to set up a free consultation to find out how to bring your company into compliance with the GDPR.