
enSilo Protects OOTB: Bad Rabbit Ransomware

WHAT IS KNOWN?

Bad Rabbit is a new ransomware campaign discovered yesterday, October 24, 2017, by ESET researchers.  

 

Method of Distribution? 

The ransomware was distributed via a fake Flash update.

Industries affected? 

Currently, there is no evidence of any targeted industries.

Targeted countries? 

What is known at the moment is that Bad Rabbit ransomware was mainly spread in Russia, Ukraine, Turkey and Bulgaria. Today, it appears that Bad Rabbit ransomware has also been detected in the United States.

How is Bad Rabbit being distributed? 

It can occur while a user is browsing. A fake pop-up offering a Flash update appears; the Flash installer it delivers is piggy-backed with an added malicious DLL.

Greatest Concern:

The capability to spread laterally through an organization. 

How is it Spreading? 

Searches, Looks, Sees, Spreads. It searches for specific credentials, looks for network shares, sees whether any of them are open, and then spreads like a worm.

 


2 Capabilities of Spreading via SMB

1.  Open SMB shares - if a share is open, it spreads through the SMB protocol.

2.  Hardcoded list - a hard-coded list of user names and passwords is tried against reachable hosts. It also carries its own Mimikatz payload to harvest further credentials.

 

 
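Detection logic for the credential-list spread described above, as an added example that is not enSilo's code or part of the original post: it flags a host that tries many distinct user names against SMB peers within a short window. The log format and all hosts, names and timestamps are constructed.

```python
"""Flag hosts that try many distinct usernames against SMB peers in a
short window: the pattern a worm working through a hardcoded credential
list produces. Log format and values are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 10.0.0.5 sweeps a credential list across two
# hosts; 10.0.0.9 is a normal user who mistypes a password once.
SAMPLE_LOG = """\
2017-10-24T10:00:01 src=10.0.0.5 dst=10.0.0.20 user=Administrator result=FAIL
2017-10-24T10:00:02 src=10.0.0.5 dst=10.0.0.20 user=Admin result=FAIL
2017-10-24T10:00:02 src=10.0.0.5 dst=10.0.0.20 user=Guest result=FAIL
2017-10-24T10:00:03 src=10.0.0.5 dst=10.0.0.21 user=User result=FAIL
2017-10-24T10:00:03 src=10.0.0.5 dst=10.0.0.21 user=root result=FAIL
2017-10-24T10:00:04 src=10.0.0.5 dst=10.0.0.21 user=backup result=SUCCESS
2017-10-24T10:00:10 src=10.0.0.9 dst=10.0.0.20 user=jsmith result=FAIL
2017-10-24T10:00:14 src=10.0.0.9 dst=10.0.0.20 user=jsmith result=SUCCESS
"""

def parse_line(line):
    """Parse one 'timestamp key=value ...' auth record into a dict."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect_credential_sweep(log_text, min_users=5, window=timedelta(seconds=60)):
    """Return {src: (distinct_users, distinct_targets, successes)} for every
    source that tried at least `min_users` distinct usernames within `window`.
    A success inside a flagged sweep means the worm likely found a foothold."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_src[rec["src"]].append(rec)
    hits = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Slide `start` forward until recs[start:end+1] fits in the window.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            win = recs[start:end + 1]
            users = {r["user"] for r in win}
            if len(users) >= min_users and len(users) > hits.get(src, (0,))[0]:
                targets = {r["dst"] for r in win}
                successes = sum(r["result"] == "SUCCESS" for r in win)
                hits[src] = (len(users), len(targets), successes)
    return hits

if __name__ == "__main__":
    for src, (users, targets, ok) in detect_credential_sweep(SAMPLE_LOG).items():
        print(f"{src}: {users} usernames against {targets} hosts, {ok} succeeded")
```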

Most Important Take Away:

  • Any attempt of Bad Rabbit to spread via SMB is blocked out-of-the-box by enSilo’s Exfiltration Prevention policy and enSilo’s Ransomware Prevention policy

 

IMAGE: Any attempt of Bad Rabbit to spread via SMB is blocked out-of-the-box by enSilo's Exfiltration Prevention policy.

 

 

IMAGE: Any attempt of the Bad Rabbit ransomware to encrypt files is blocked out-of-the-box by enSilo's Ransomware Prevention policy.

 

REQUEST A DEMO TODAY

https://www.ensilo.com/schedule-a-demo/

 
