Bad Rabbit or Bad Habit?
Given the string of recent ransomware outbreaks, of which Bad Rabbit is only one, it’s reasonable to ask whether this fast-spreading plague can be stopped at all. As we’ve learned the hard way, in many cases the human factor is the gap through which malware penetrates organizations. Despite the sophisticated arsenal that secures large organizations and businesses, time and again the end user is the weak link -- the overly confident or distracted user who clicks the wrong link and compromises the security of the whole organization.
Of course, users don’t bear sole responsibility; they share it with the browsers through which they interact with the outside world. The browser is one of the most common vectors by which malware enters an organization, because it is the one piece of software on the endpoint whose job is to fetch and execute untrusted code from arbitrary servers.
The human factor, combined with that inherent exposure of the browser, creates a perfect storm -- a combination that lets ransomware outbreaks like Bad Rabbit be so effective.
What is Bad Rabbit ransomware?
Bad Rabbit is ransomware that spread via an innocent-looking (but fake) Adobe Flash Player update. The prompt was served by compromised, otherwise legitimate news sites, chiefly Russian ones; visitors who accepted it downloaded an executable dropper, which they then had to run themselves. The dropper installed DiskCryptor, an open-source disk-encryption utility, used it to encrypt the victim’s files and disk, and displayed a ransom note with a payment deadline. In parallel, Bad Rabbit scanned the local network for other Windows hosts and attempted to copy itself to them over SMB, using credentials harvested from the infected machine together with a hard-coded list of common username and password pairs.
What can be done to defend organizations against such an attack?
Educating users and changing their browsing habits is, of course, essential. However, it is naïve to think that education alone will eliminate the threat. After all, a single error by just one user is all it takes to open the floodgates. And it’s counterproductive to stop users from browsing the Internet, since employees depend on the web to do their jobs.
Isolation is the way to lessen ransomware risk
Nevertheless, taking a proactive approach using the power of isolation can substantially lessen the risk from Bad Rabbit and other ransomware attacks.
By keeping all active web content locked away in an isolated environment, outside the corporate network, users can browse the Internet freely while being shielded from the hazards of the browser. The actual browsing is done remotely in a virtual browser running inside a Linux container in the DMZ or the cloud. The web content is rendered into images, which are streamed to the user’s browser, giving a seamless user experience without any web code running on the endpoint.
Malware that arrives through the browser, Bad Rabbit included, never reaches the end device: the dropper lands inside the remote container, where it cannot install the DiskCryptor driver on the user’s machine, and because the container is destroyed when the browsing session ends, the malware is destroyed with it and cannot spread further. This holds only as long as the isolation gateway also controls what crosses the boundary. Bad Rabbit’s payload was an executable the victim had to download and run, so an isolation setup that simply passed downloads through to the endpoint would still deliver it. File downloads from the remote browser must therefore be blocked, or restricted to inspected and sanitized documents, for the protection to be complete.
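The download check at the isolation boundary is the piece of this design most worth spelling out, since it is where a fake “update” would otherwise slip through. The following is an added example, not code from the original post or from any isolation product. It decides whether a file fetched by the remote browser may be forwarded to the endpoint by sniffing the bytes rather than trusting the filename or declared Content-Type; the policy lists, filenames, MIME types and file contents are all constructed for the example, and the PE blob only satisfies the header check (it is not a runnable binary).

```python
"""Download gate for a remote-browser-isolation (RBI) boundary.

Added example, not code from the original post or any product.  The remote
browser runs in a throwaway container; the only way an artifact reaches the
endpoint is if the gateway forwards it.  This module makes that decision by
looking at the bytes first, because a fake "Flash update" can claim any name
or Content-Type it likes.  All filenames, MIME types and file bytes below
are constructed.
"""
import os
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


# Extensions Windows will execute directly; matched on the *last* extension,
# so "statement.pdf.exe" is caught.  Hypothetical policy list for this example.
BLOCKED_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".com", ".msi", ".bat", ".cmd",
    ".ps1", ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
}

# Declared types accepted for an otherwise clean file (default deny).
ALLOWED_TYPES = {"application/pdf", "text/plain", "image/png", "image/jpeg"}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_elf(data: bytes) -> bool:
    return data[:4] == b"\x7fELF"


def is_script(data: bytes) -> bool:
    """Shebang scripts: a shell script renamed to .txt is caught here."""
    return data[:2] == b"#!"


def check_download(filename: str, declared_type: str, data: bytes) -> Verdict:
    """Decide whether the remote browser may forward this file to the endpoint."""
    # 1. Content first: magic bytes are not changed by renaming the file.
    if is_pe(data):
        return Verdict(False, f"PE executable by magic bytes (declared {declared_type})")
    if is_elf(data):
        return Verdict(False, "ELF executable by magic bytes")
    if is_script(data):
        return Verdict(False, "shebang script by magic bytes")
    # 2. Then the name: some runnable formats (.hta, .js) have no fixed magic.
    ext = os.path.splitext(filename.lower())[1]
    if ext in BLOCKED_EXTENSIONS:
        return Verdict(False, f"blocked extension {ext}")
    # 3. Finally the declared type: anything not on the allow list is refused.
    if declared_type.split(";")[0].strip().lower() not in ALLOWED_TYPES:
        return Verdict(False, f"declared type {declared_type!r} not on allow list")
    return Verdict(True, "forwarded")


def minimal_pe() -> bytes:
    """Constructed bytes that satisfy the PE header check (not a runnable binary)."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)   # e_lfanew -> just past the DOS header
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 20


# Constructed samples: what a drive-by "update" page might push, next to ordinary files.
SAMPLES = [
    ("flash_update.exe", "application/octet-stream", minimal_pe()),
    ("invoice.pdf",      "application/pdf",          minimal_pe()),  # renamed .exe, spoofed type
    ("notes.txt",        "text/plain",               b"#!/bin/sh\nrm -rf ~\n"),
    ("report.pdf",       "application/pdf",          b"%PDF-1.7\n1 0 obj\n<<>>\nendobj\n"),
    ("photo.jpeg",       "application/zip",          b"\xff\xd8\xff\xe0" + b"\x00" * 16),
]


def run_samples() -> dict:
    """Map filename -> Verdict for the constructed samples above."""
    return {name: check_download(name, ctype, data) for name, ctype, data in SAMPLES}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{'ALLOW' if verdict.allowed else 'BLOCK':5} {name:18} {verdict.reason}")
```

Of the five constructed samples only `report.pdf` is forwarded; the renamed executable with a spoofed `application/pdf` type is still caught because the `MZ`/`PE\0\0` header is checked before the name or declared type is consulted. In a real gateway this check would sit in front of a sandbox or content-disarm step for the document types that are allowed through.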
It’s hard to root out bad habits. That’s exactly why, for the sake of the whole organization, the human factor must be handled carefully and intelligently. To combat Bad Rabbit today, and who-knows-what other threats down the line, it’s vital to keep end user browsing isolated and secure.