What Happened
On Tuesday, October 24, a new variant of ransomware called Bad Rabbit began spreading throughout Eastern Europe. These attacks reportedly impacted multiple organizations in Russia, Ukraine, Turkey, and other countries within the region. Our Next-Generation Security Platform automatically created, delivered and enforced protections from this attack.
Bad Rabbit gains initial entry by posing as an Adobe Flash update. Once inside a network, it spreads by harvesting credentials with the Mimikatz tool as well as by using hard-coded credentials. Bad Rabbit is similar to Petya/NotPetya insofar as it encrypts the entire disk. For a detailed analysis of the Bad Rabbit attack playbook, please see our blog from the Unit 42 threat research team.
Preventions
Palo Alto Networks customers are protected from Bad Rabbit ransomware through our Next-Generation Security Platform, which provides prevention through automation, applied consistently across the network, endpoint and cloud. This protection comes from multiple complementary prevention controls across the platform, including:
NOTE: We are continuously monitoring the Bad Rabbit situation and will update this post with additional details on protections as they arise.
For best practices on preventing ransomware with the Palo Alto Networks Next-Generation Security Platform, please refer to our Knowledge Base article. We strongly recommend that all Adobe users take the additional step of getting Adobe Flash updates only from the Adobe website. For the latest on the Bad Rabbit attack playbook, please see the Threat Brief: Information on Bad Rabbit Ransomware Attacks post.
Version Summary
October 24, 2017 2:30 p.m. PT
October 25, 2017 11:00 a.m. PT