An emerging ransomware attack, Bad Rabbit, has infected systems across Russia and Ukraine and is spreading across the globe – even as firms are still recovering from recent widespread disruption caused by the devastating WannaCry and Petya cyber attacks.
Bad Rabbit encrypts computers’ contents and asks for a payment of 0.05 bitcoins, or about $280; the malware has infected and paralysed systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev.
The BBC said U.S. officials confirmed receiving “multiple reports of Bad Rabbit ransomware infections in many countries around the world.”
A fake Flash Player update has been used to deliver the malware via a drive-by download and compromise systems, according to Cisco’s Talos Intelligence Group blog.
The sites seen redirecting to Bad Rabbit were a variety of sites based in Russia, Bulgaria, and Turkey.
Cisco’s Talos said: “This is yet another example of how effective ransomware can be delivered leveraging secondary propagation methods such as SMB to proliferate.
“In this example the initial vector wasn’t a sophisticated supply chain attack. Instead it was a basic drive-by-download leveraging compromised websites.
“This is quickly becoming the new normal for the threat landscape. Threats spreading quickly, for a short window, to inflict maximum damage.
“Ransomware is the threat of choice for both its monetary gain as well as destructive nature. As long as there is money to be made or destruction to be had these threats are going to continue,” Cisco’s Talos warned.
The intelligence group added that Bad Rabbit distribution doesn’t appear to have the sophistication of the supply chain attacks seen recently, so it is unlikely that global disruption and losses will be as high as those of the WannaCry or Petya attacks.
The UK National Cyber Security Centre said it is a matter for the victim whether to pay the ransom, but encourages industry and the public not to pay.
Ransomware attacks – malware that encrypts a victim’s data and refuses to release it unless they pay a ransom, typically in the digital currency bitcoin – have emerged as one of the greatest new business interruption threats.
Trend Micro’s security and threats report pegged estimated global financial and economic losses from WannaCry, which infected over 300,000 machines around the world, at up to $4 billion – demonstrating that cyber crime has already reached the same levels of catastrophic loss associated with natural catastrophes or some of the major risks re/insurers cover.
Property Claim Services (PCS) released a $275 million first estimate for insurance and reinsurance industry losses from the Petya / NotPetya malware cyber attack that hit pharmaceutical giant Merck & Co. in June.
PCS’ first Global Cyber service loss estimate for the Equifax hack attack put the insurance market impact at $125 million; however, the firm said that the economic impact to the credit giant is expected to be much larger.
The recent events show cybercriminals are upping their game to exploit the increasing inter-connectivity of global businesses, and the capabilities of cybercrime to disrupt the value chain on all levels are set to dramatically increase as the digital revolution grows firms’ intangible assets.
While the scale of the Bad Rabbit attack remains to be seen, it further highlights the urgent need for firms to leverage re/insurance capacity to cover growing cyber threats.
The extent to which re/insurance can take on this risk remains a question that prominent reinsurance executives, like Swiss Re Chief Executive Officer Christian Mumenthaler, who says cyber is probably not insurable, are still debating.
However, it’s evident the recent scale of cyber attacks will continue to transform businesses’ and governments’ relationships with cyber threat and cyber security: cyber risk has now been pushed to the top of the corporate risk agenda for businesses throughout Europe, according to a survey of over 1,300 senior executives by Marsh.