Bad Rabbit Ransomware Attack

On Tuesday, Oct. 24, a new strand of ransomware named Bad Rabbit appeared in Russia and the Ukraine and spread throughout the day.

The initial installer masquerades as a Flash update but is believed to be an updated version of NotPetya, since the infection chain and component usage is identical.  Interestingly, this malware contains a list of hard coded Windows credentials, most likely to brute force entry into devices on the network.

SonicWall Capture Labs threat researchers investigated Bad Rabbit and the proficiency of the SonicWall Capture Advanced Threat Protection (ATP) sandboxing service against the previously unknown ransomware. Analyzing three different Bad Rabbit samples, the multi-engine Capture ATP successfully stopped all three attacks.

The SonicWall Capture ATP sandboxing service is designed to provide real-time protection against new strains of malware even before signatures are available on firewalls.

It highlights the critical need to leverage multiple engines to defeat both known and unknown cyber threats.

In addition, the SonicWall Capture Labs released signatures to protect against Bad Rabbit malware. These signatures are available and are applied automatically.

General recommendations for everybody, regardless of their security vendor, include:

  • Apply all patches to operating systems
  • Protect endpoints with an up-to-date anti-virus solution
  • Promote good password policies
  • Ensure firewall and end point firmware is current
  • Implement a network sandbox to discover and mitigate new threats
  • Deploy a next-generation firewall with a gateway security subscription to stop known threats

To find out more on how to secure your network, call one of our Sales Team members today.

Robert Brown
30/10/17

Follow us on LinkedIn:

Related Articles:
Exponential Growth Expected for Ransomware
What Version of Office are you using?

Written by