Working in the security world means that, more than likely, you will have to deal with ransomware at some point. With threats changing as quickly as they are, that could be sooner rather than later.
Don't be a victim of Bad Rabbit.
Now we have something NEW to deal with, and it is called Bad Rabbit. It was discovered on Tuesday, the 24th of October 2017. It has been reported as affecting countries in Eastern Europe. In fact, the Ukrainian CERT has issued an alert on Bad Rabbit.
Bad Rabbit gets into networks by posing as an Adobe Flash update. Once inside a network, it starts to spread like rabbits (pun).
This ransomware is similar to Petya/NotPetya in that it encrypts the hard drive of the infected machine.
Because the initial attack vector is through bogus updates, Bad Rabbit attacks can be prevented by getting Adobe Flash updates only from the Adobe web site.
Am I Covered?
The GOOD NEWS is that Palo Alto Networks customers are protected through our Next-Generation Security Platform, which provides prevention through automation, applied consistently across the network, endpoint and cloud. Palo Alto Networks customers are protected from Bad Rabbit ransomware through multiple complementary prevention controls across the platform.
Unit 42 has developed a Threat Brief with information about the threat:
Threat Brief: Information on Bad Rabbit Ransomware Attacks
To read Unit 42's blog entry about this ransomware, go here:
Palo Alto Networks Protections Against Bad Rabbit Ransomware Attacks
For Unit 42's AutoFocus entry, please see:
Please do not forget about the Live Community for all ransomware and threat questions or concerns. Please visit the Threat & Vulnerability Discussions on the Live Community (https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Discussions/bd-p/Threat_Discussions).
Thanks for taking the time to read about this ransomware.