The threat of ransomware bounced back into the public spotlight last week after a new version, ‘Bad Rabbit’, infected multiple systems across the globe. This happened barely 48 hours before the NHS was heavily criticised by the National Audit Office (NAO) for its handling of the WannaCry ransomware attacks in May.
Reports first surfaced on Tuesday that ‘Bad Rabbit’ had initially hit Russia and Ukraine, with airports, train stations and media sites being affected. News quickly followed that it had also spread to Turkey and Germany, sparking fears that another global attack was unfolding. The impact on the servers of Russia’s Interfax news agency reportedly forced them to rely on its Facebook account to deliver news.
Thankfully, the UK has (at the time of writing) escaped the wrath of Bad Rabbit, unlike the ransomware case in May when WannaCry caused widespread disruption, particularly to the NHS. Globally, WannaCry infected more than 300,000 computers in 150 countries, but NHS computers at 81 health trusts across England and almost 600 GP surgeries were affected. In their report released last week, the NAO warned the Government and NHS to “get their act together” to prevent future attacks and the head of the NAO said the health service must improve its resilience or it would suffer a more sophisticated and damaging breach.
Despite its obvious failings, the NHS did seem to receive a disproportionate amount of negative reporting when you consider the wider scale of WannaCry, not only in the UK, but also globally. Although this was a worrying case as it could potentially have cost lives through the service disruption, the event did finally thrust ransomware into the public limelight and prove that this is not just another scaremongering tactic from the cyber security industry. In the days that followed, hundreds, if not thousands, of businesses patched their previously-vulnerable systems.
‘Bad Rabbit’ has yet to affect the UK, but organisations should not be complacent and need to adopt good cyber hygiene practices and take proactive practical steps to remain protected. Having a regular and effective patching regime is important to help minimise the initial chance of infection, but keeping regular back-ups of critical data will also be crucial in helping minimise disruption in the event of a ransomware attack.