enSilo Protects OOTB: Bad Rabbit Ransomware
WHAT IS KNOWN?
Bad Rabbit is a new ransomware campaign discovered yesterday, October 24, 2017, by ESET researchers.
Method of Distribution?
The ransomware was distributed via a fake flash update.
Currently, there is no evidence of any targeted industries.
What is known at the moment is that Bad Rabbit ransomware spread mainly in Russia, Ukraine, Turkey and Bulgaria. Today, it appears that Bad Rabbit ransomware has also been detected in the United States.
How is Bad Rabbit being distributed?
Infection can occur while a user is browsing: a fake pop-up offering a Flash update appears, and the Flash installer it delivers is piggy-backed with an added DLL.
Once inside, the ransomware has the capability to spread laterally through an organization.
How is it Spreading?
Searches, Looks, Sees, Spreads. It searches for specific credentials, looks for open shares, sees whether any of those shares are accessible, and then spreads like a worm.
Two Capabilities for Spreading via SMB
1. Open SMB shares: if a share is open, it spreads through the SMB protocol.
2. Hardcoded list: a hardcoded list of usernames and passwords. It also carries its own Mimikatz payload.
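As an added example (not enSilo's code, and not code from the Bad Rabbit sample), the following Python script shows how a defender could spot the two SMB spreading behaviours listed above in connection and authentication logs: one host fanning out to many peers on TCP 445 within a short window, and one host trying many different usernames against a peer, as a hardcoded credential list would. The log format, field names, thresholds and the sample log lines are all constructed assumptions for illustration.

```python
"""Flag worm-style SMB lateral movement in a simple connection/auth log.

Added example, not part of the original post or any vendor product.
The log format ("timestamp src dst dport event user"), the thresholds and
the sample lines below are assumptions made for this illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: 10.0.0.5 behaves like the worm (fans out to 12 peers on
# 445, then tries 6 different usernames against one peer); 10.0.0.9 is benign.
SAMPLE_LOG = """\
2017-10-24T10:00:01 10.0.0.5 10.0.0.20 445 connect -
2017-10-24T10:00:02 10.0.0.5 10.0.0.21 445 connect -
2017-10-24T10:00:03 10.0.0.5 10.0.0.22 445 connect -
2017-10-24T10:00:04 10.0.0.5 10.0.0.23 445 connect -
2017-10-24T10:00:05 10.0.0.5 10.0.0.24 445 connect -
2017-10-24T10:00:06 10.0.0.5 10.0.0.25 445 connect -
2017-10-24T10:00:07 10.0.0.5 10.0.0.26 445 connect -
2017-10-24T10:00:08 10.0.0.5 10.0.0.27 445 connect -
2017-10-24T10:00:09 10.0.0.5 10.0.0.28 445 connect -
2017-10-24T10:00:10 10.0.0.5 10.0.0.29 445 connect -
2017-10-24T10:00:11 10.0.0.5 10.0.0.30 445 connect -
2017-10-24T10:00:12 10.0.0.5 10.0.0.31 445 connect -
2017-10-24T10:00:13 10.0.0.5 10.0.0.20 445 logon_failed Administrator
2017-10-24T10:00:14 10.0.0.5 10.0.0.20 445 logon_failed Admin
2017-10-24T10:00:15 10.0.0.5 10.0.0.20 445 logon_failed User
2017-10-24T10:00:16 10.0.0.5 10.0.0.20 445 logon_failed Guest
2017-10-24T10:00:17 10.0.0.5 10.0.0.20 445 logon_failed root
2017-10-24T10:00:18 10.0.0.5 10.0.0.20 445 logon_failed backup
2017-10-24T10:01:00 10.0.0.9 10.0.0.50 445 connect -
2017-10-24T10:01:05 10.0.0.9 10.0.0.50 445 logon_failed alice
2017-10-24T10:02:00 10.0.0.9 10.0.0.50 445 connect -
"""


def parse_line(line):
    """Parse one assumed-format log line; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, dport, event, user = parts
    try:
        return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                "dport": int(dport), "event": event, "user": user}
    except ValueError:
        return None


def detect_smb_fanout(events, window=timedelta(minutes=1), min_peers=10):
    """Return {src: peak distinct SMB peers} for sources that contact at least
    min_peers distinct hosts on port 445 inside any sliding window."""
    by_src = defaultdict(list)
    for e in events:
        if e["dport"] == 445 and e["event"] == "connect":
            by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        recent = deque()  # events within the current window
        peak = 0
        for e in evs:
            recent.append(e)
            while e["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            peak = max(peak, len({r["dst"] for r in recent}))
        if peak >= min_peers:
            flagged[src] = peak
    return flagged


def detect_credential_list(events, min_users=5):
    """Return {src: sorted usernames} for sources whose failed SMB logons use at
    least min_users distinct usernames, the signature of a hardcoded list."""
    users_by_src = defaultdict(set)
    for e in events:
        if e["dport"] == 445 and e["event"] == "logon_failed":
            users_by_src[e["src"]].add(e["user"])
    return {src: sorted(users) for src, users in users_by_src.items()
            if len(users) >= min_users}


def analyze(log_text):
    """Run both detectors over raw log text and return their findings."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {"fanout": detect_smb_fanout(events),
            "credential_list": detect_credential_list(events)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        for src, detail in hits.items():
            print(f"{kind}: {src} -> {detail}")
```

Both detectors key on behaviour rather than on any file hash, so they keep working when the payload changes; the thresholds (10 peers per minute, 5 usernames) are starting points that should be tuned against a network's normal SMB traffic, since backup servers and vulnerability scanners legitimately fan out over port 445.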
Most Important Take Away:
- Any attempt by Bad Rabbit to spread via SMB is blocked out-of-the-box by enSilo’s Exfiltration Prevention policy and enSilo’s Ransomware Prevention policy.
[Image: Any attempt by Bad Rabbit to spread via SMB is blocked out-of-the-box by enSilo’s Exfiltration Prevention policy]
[Image: Any attempt by the Bad Rabbit ransomware to encrypt files is blocked out-of-the-box by enSilo’s Ransomware Prevention policy]