That Flash plugin update your computer wants you to install may not be what it says it is.
Cybersecurity experts warned officials from local and state government, local police departments, nonprofit organizations and small businesses on Wednesday that a ransomware attack known as Bad Rabbit began spreading across Europe on Tuesday and could target American organizations in the next two weeks.
The warning came as part of the first briefing of the SecureMA initiative, launched by Boston-based Cybereason to help local governments and small businesses better defend their networks against cyberattacks.
Ransomware is malicious software that infects a computer or network and then restricts access to network files until a ransom is paid to unlock it.
“Bad Rabbit gets downloaded as a fake Flash update. The website would show you a screen that says ‘you need to update your Flash plugin, click here to do it,’” said Cybereason Chief Information Security Officer Israel Barak, who focused on cybersecurity and cyberdefense as part of the Israeli Defense Forces’ red team unit. “And if you do it, guess what? You’ve just downloaded Bad Rabbit.”
Barak said Bad Rabbit started spreading Tuesday, mostly in Russia and Ukraine, and has affected airports, news agencies and train stations in those countries as well as Turkey and Germany.
“If this proves to be a successful operation, you’ll see this going global in the coming week or week and a half,” he said. On Tuesday, the United States Computer Emergency Readiness Team issued an alert about Bad Rabbit and encouraged victims to not pay the ransom.
Earlier this year, the U.S. Department of Justice reported there are more than 4,000 ransomware attacks each day against businesses and consumers. The FBI estimated that more than $1 billion was paid as ransom in 2016. Cybereason believes the rate of attack may be double what has been reported and the dollar value of ransoms paid are likely in the range of $3 to $5 billion.
SecureMA was established last month to give local governments and small organizations access to quarterly situational awareness briefings, intelligence sharing by Cybereason experts on ongoing threats, updates and training on Cybereason’s anti-ransomware software, a best practice guide and a community of other IT professionals who can act as resources.
Former Boston Police Commissioner Ed Davis, now a security consultant, serves as the honorary chair of SecureMA and framed the issues that small businesses and local governments are dealing with.
“They’re moving real quick and we need to be agile enough to defend against that sort of thing,” Davis said of bad actors seeking to spread ransomware.
While he was commissioner of the Boston Police Department, Davis said cyberthreats became “more and more and more intense every year” and that the department simply didn’t have the resources it would have needed to keep pace with the evolving threats.
