enSilo Protects OOTB: Bad Rabbit Ransomware

WHAT IS KNOWN?

Bad Rabbit is a new ransomware campaign discovered yesterday, October 24, 2017, by ESET researchers. (enSilo’s endpoint protection platform already protects against this.)

Method of Distribution?

The ransomware was distributed via a fake Flash update.

Industries affected?

Currently, there is no evidence of any targeted industries.

Targeted countries?

What is known at the moment is that Bad Rabbit ransomware spread mainly in Russia, Ukraine, Turkey and Bulgaria. As of today, it appears that Bad Rabbit has also been detected in the United States.

How is Bad Rabbit being distributed?

Infection can occur while a user is browsing: a fake Flash update pop-up appears, and the Flash installer it delivers is piggy-backed with an added DLL.

Greatest Concern

The capability to spread laterally through an organization.

How is it Spreading?

Searches, Looks, Sees, Spreads. It searches for specific credentials, looks for SMB shares, checks whether any of them are open and then spreads like a worm. It has two ways of spreading via SMB:

1. Open SMB shares. If a share is open, it spreads over the SMB protocol.


2. Hardcoded list. It carries a hard-coded list of user names and passwords, and it has its own Mimikatz payload.
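A defender-side way to spot the credential-list spreading described above, added here as an example that is not enSilo's code: it flags a source address that fails network logons (Windows Security event 4625, logon type 3) with several distinct accounts against several hosts inside a short window. The records, account names and thresholds are constructed assumptions, not values taken from the malware.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry): failed network logons
# (event 4625, LogonType 3) already collected from several hosts.
# Fields: timestamp, target host, source IP, account name that was tried.
SAMPLE_EVENTS = [
    ("2017-10-25T09:00:01", "FS01", "10.0.0.23", "Administrator"),
    ("2017-10-25T09:00:02", "FS01", "10.0.0.23", "admin"),
    ("2017-10-25T09:00:03", "FS02", "10.0.0.23", "guest"),
    ("2017-10-25T09:00:04", "FS02", "10.0.0.23", "backup"),
    ("2017-10-25T09:00:05", "FS01", "10.0.0.23", "test"),
    # One user mistyping a password twice: same account, same host.
    ("2017-10-25T09:10:00", "FS01", "10.0.0.40", "jsmith"),
    ("2017-10-25T09:10:20", "FS01", "10.0.0.40", "JSmith"),
    # Several accounts, but spread over an hour (e.g. a shared jump host).
    ("2017-10-25T08:00:00", "FS01", "10.0.0.51", "alice"),
    ("2017-10-25T08:20:00", "FS02", "10.0.0.51", "bob"),
    ("2017-10-25T08:40:00", "FS01", "10.0.0.51", "carol"),
    ("2017-10-25T09:00:00", "FS02", "10.0.0.51", "dave"),
]

def find_spray_sources(events, window=timedelta(minutes=5),
                       min_users=4, min_targets=2):
    """Return {source_ip: (distinct_users, distinct_targets)} for every source
    that, within one sliding window, failed logons with at least min_users
    distinct accounts against at least min_targets distinct hosts."""
    by_source = defaultdict(list)
    for ts, target, src, user in events:
        # Account names are case-insensitive on Windows, so normalise them.
        by_source[src].append((datetime.fromisoformat(ts), target, user.lower()))

    flagged = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            users = {u for _, _, u in rows[start:end + 1]}
            targets = {t for _, t, _ in rows[start:end + 1]}
            if len(users) >= min_users and len(targets) >= min_targets:
                flagged[src] = (len(users), len(targets))
                break  # first window that crosses both thresholds is enough
    return flagged

if __name__ == "__main__":
    for src, (users, targets) in find_spray_sources(SAMPLE_EVENTS).items():
        print(f"{src}: {users} accounts tried against {targets} hosts")
```

A host flagged this way is a candidate for network isolation and credential review; the thresholds need tuning against normal failed-logon volume in the environment.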


Most Important Take Away

  • Any attempt by Bad Rabbit to spread or encrypt files is blocked by enSilo.


Any attempt by Bad Rabbit to spread via SMB is blocked out-of-the-box by enSilo’s Exfiltration Prevention policy.


Any attempt by Bad Rabbit to encrypt files is blocked out-of-the-box by enSilo’s Ransomware Prevention policy.
