By June Shores

By now most people know you could get infected by ransomware by clicking on a malicious link in an email. But did you know you could get hit by ransomware just by browsing to an infected website? This is called a drive-by download. It’s called that because you can just “drive by,” or visit, a website and malicious code can be downloaded to your device without your knowledge, without you even having to click on something. What will the hackers think of next? I know it sounds scary, but there are things you can do to avoid getting hit by one.

The way a drive-by download works is this: you visit an infected site, code on the site scans your computer for outdated software or a weakness in your system, and if a weakness is spotted, it downloads malware onto your system. That malware can be ransomware, spyware or a Trojan, to name a few.

There is a new threat called Bad Rabbit, a drive-by download that delivers ransomware. Bad Rabbit spreads when you visit an infected website. When you visit the website, you receive a message telling you to update Adobe Flash.

If you click on the update message, malicious code is installed on your device and you receive a message informing you that all of your files have been encrypted.

To get your files back you must pay 0.05 Bitcoin. At ~$6000 per Bitcoin that’s roughly $285.

To avoid a drive-by download, keep your operating system and applications updated. This includes updating your phone as well as your computer. What makes most drive-by downloads successful is that they find an outdated system and exploit a known weakness, or vulnerability, in the system. Using an exploit isn’t the only way a drive-by download can work, though. (Bad Rabbit does not use an exploit; instead, it requires the user to click on a link to update Adobe Flash.) This does not negate the need to update your software. Most software developers are constantly updating their products to fix known issues or vulnerabilities. If you keep your applications and operating system up to date, that will limit your risk.

Also, make sure you have a firewall and antivirus enabled on your device. Avoid malicious sites such as file-sharing sites or adult content sites. If your browser warns you that a site you are trying to access is malicious, don’t go there. The internet is constantly searched for malicious sites; the bad sites are recorded, and firewall and antivirus software is aware of them.

What do you do if you are hit by ransomware? Experts recommend that you don’t pay the ransom. That just encourages the criminals to keep making ransomware because they know they will make money. It’s hard not to pay, because you have a lot of valuable data on your computer and you want to get it back. However, there’s no guarantee the hackers will decrypt your drive after you pay anyway. Instead, be prepared: buy an external hard drive or use the cloud to back up your data BEFORE this happens to you.

We will also be updating the “Solutions” section of this website with simple methods of regularly backing up your data.

For more information on Bad Rabbit, you can go to the following websites:

https://thehackernews.com/2017/10/bad-rabbit-ransomware-attack.html

http://blog.talosintelligence.com/2017/10/bad-rabbit.html