What Is Bad Rabbit Ransomware?

On Tuesday, Oct. 24, a new strand of ransomware named Bad Rabbit appeared in Russia and the Ukraine and spread throughout the day. It first was found after attacking Russian media outlets and large organizations in the Ukraine, and has found its way into Western Europe and the United States. The initial installer masquerades as a Flash update but is believed to be an updated version of NotPetya, since the infection chain and component usage is identical.  Interestingly, this malware contains a list of hardcoded Windows credentials, most likely to brute force entry into devices on the network.  According to SonicWall Capture Labs Threat researchers, Bad Rabbit spreads using the SMB protocol within Windows. We should think of it as a bug fix maintenance release of NotPetya (within EternalBlue method of propagation removed). The purpose of using the SMB protocol is to spread laterally across an organization. 

Are SonicWall Customers Protected from Bad Rabbit?

Yes. SonicWall Capture Labs released signatures to protect against Bad Rabbit malware, which are available for anyone with an active Gateway Security subscription (GAV/IPS).  In addition, SonicWall Capture Advanced Threat Protection (ATP) sandboxing service is designed to provide real-time protection against new strains of malware, even before signatures are available on the firewall. SonicWall Capture ATP customers will be protected against new forms and copycat versions of this malware. Multiple variations of this ransomware strain have been processed in Capture ATP, with a 100 percent success rate of catching it.

How Can I Stop Ransomware Like Bad Rabbit?

SonicWall customers should immediately ensure they have the Capture Advanced Threat Protection sandbox service turned on with their next-generation firewalls, and have the Block Until Verdict feature activated.  For Bad Rabbit, there is no need to manually update the signatures on SonicWall firewalls, as they are automatically propagated to the worldwide installed base upon deployment.

General recommendations for everybody, regardless of their security vendor, include:

  • Apply all patches to operating systems
  • Protect endpoints with an up-to-date anti-virus solution
  • Promote good password hygiene policies
  • Ensure firewall and end point firmware is current
  • Implement a network sandbox to discover and mitigate new threats
  • Deploy a next-generation firewall with a gateway security subscription to stop known threats

I will update this post as analysis of Bad Rabbit ransomware develops.  For more information, read the SonicAlert posting from SonicWall Capture Labs Threat Research Team. To learn more about ransomware defense, please read our Solution Brief: Eight Ways to Protect Your Network Against Ransomware.

View SonicAlert

FacebookTwitterGoogle+LinkedIn
Brook Chelmo
Sr Product Marketing Manager | SonicWall
Brook handles all product marketing responsibilities for SonicWall security services and serves as SonicWall’s ransomware star. Fascinated in the growth of consumer internet, Brook dabbled in grey-hat hacking in the mid to late 90’s while also working and volunteering in many non-profit organizations.  After spending the better part of a decade adventuring and supporting organizations around the globe, he ventured into the evolving world of storage and security. He serves humanity by teaching security best practices, promoting and developing technology.

You might also like

SonicWall and our Channel Partners Team to Deliver New High-Value Security Professional Services to Fight the Bad Guys
Read more
Move to the Cloud and Enable Secure Collaboration with SonicWall SMA OS 12.1
Read more
Ransomware Negotiation: How Hackers Target SMBs
Read more
SonicWall Expands Scalability of its Next-Generation Firewall Platforms and DPI SSL to Address Encrypted Threats
Read more
Black Hat USA 2017: Build Your Arsenal with SonicWall Capture – Innovate More, Fear Less
Read more

0 comments

Leave a reply