A new strain of Ransomware called Bad Rabbit is spreading around the world. Bad Rabbit spreads via Social Engineering so here’s what to warn your users to look for.
Users receive a pop up in their browsers telling them that an update to Adobe’s Flash Player is available. There are two buttons to click; Install and Remind Later. Both do the same thing – install the malware payload on the system. Bad Rabbit then uses a list of known weak passwords and tries to access all found servers and workstations using common accounts such as Administrator, Guest, root, etc. If it gets a match, the ransomware proceeds to encrypt the files on the computer and then replaces the Master Boot Record – effectively bricking the computer. So recovery forces you to purchase two decryption keys. Price is .05 Bitcoin or about $275.
There are two takeaways. First, train and remind your users to use complex passwords and change them often. Second, have your users undergo Social Engineering security training.
Contact us if you’d like more information or assistance in keeping your network and data secure.
Everyone stay safe out there!
Equifax, one of the nations largest credit reporting companies, recently admitted that it had suffered a massive data breach and the personal information of 143 million U.S. residents was stolen.
The breach was detected on July 29 and data was compromised from mid-May through July. Compromised data includes:
- Social Security numbers
- Birth dates
- Driver’s license numbers (in some cases)
As you can imagine this is major bad news as in many cases the above is all that’s required to open credit card accounts, take out loans, etc. And it’s even worse for small business owners because personal credit information is typically the base for business creditworthiness.
So what do you do? As an individual, we suggest the following:
- Consider putting a Credit Freeze on your credit report. This will prevent potential creditors from accessing your credit report therefore making it much harder for someone to open a new credit-based account. You will need to contact Experian, Equifax, and TransUnion directly to request this action and note that there may be a modest charge to apply or lift the freeze.
- Contact any one of the above credit agenecies and request a Fraud Alert. When anyone applies for credit in your name a fraud alert requires the creditor to take additional steps to verify that the individual seeking the new credit card or loan is actually you. There’s typically no cost for a Fraud Alert.
- Set up Credit Monitoring. Credit Monitoring tracks changes to your credit report and can alert you immediately to any activity. With most requests for new credit, there is a 24-48 hour period in which you can revoke the credit request so getting a quick alert is helpful.
- Get Identity Theft Protection. ITP is more comprehensive than just monitoring and often includes monitoring of bank and credit card accounts for suspicious activity.
If you’re a business, you need to take additional steps to protect your network, data, and bank accounts. You can learn more by attending our next free Executive Cyber Security webinar. Register here.