Bad Rabbit is another automatic, opportunistic ransomworm. Its goal is to move laterally and encrypt more computers than just patient zero, which, of course, yields a much higher ROI for the attacker.
Putting aside the embarrassing fact that people are still using Flash and still run flat networks, it is even more embarrassing that this is almost the same attack as Petya from 4 months ago.
So, What Happened?
No matter what you hear in the media, the Bad Rabbit ransomware is as straightforward as it gets. There are six simple steps:
- Drive-by download exploiting an old Flash issue
- Download of additional malicious components
- Discovery of more endpoints to infect
- Lateral movement using Mimikatz-harvested credentials or a list of hard-coded passwords
- Encrypt everything
- Gimme the Bitcoin!!!
Javelin to the Rescue
Javelin AD|Protect will save you even if you have a flat network and no AV. It stops the attacker at the reconnaissance phase regardless of the methodology, whether that is LDAP enumeration or network scanning. It also stops the attacker in the lateral movement phase, whether the attacker is grabbing credentials with Mimikatz or brute-forcing logons with a list of hard-coded passwords.
AD|Protect contains patient zero automatically, leaving only one infected but contained PC. It provides all of the required details in a forensic report to help you better understand the nature of the attack.
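The two phases the paragraph above says a defender must catch, reconnaissance (one host fanning out to many peers) and lateral movement by password guessing (one host driving many failed logons against many targets), can be flagged with simple sliding-window heuristics over host telemetry. The following is an added, self-contained example written for this page; it is not Javelin code and does not describe how AD|Protect works. Event shape, hostnames, timestamps and thresholds are all constructed assumptions.

```python
"""Sliding-window fan-out heuristics for the reconnaissance and
lateral-movement phases described above.  Added example; the Event
model, hostnames and thresholds are constructed, not from any product."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int     # seconds since start of the capture (constructed)
    src: str    # host that initiated the activity
    dst: str    # host that was contacted / logged on to
    kind: str   # "conn" = network connection, "logon_fail" = failed logon


# Constructed sample telemetry.
SAMPLE_EVENTS = []
# ws-07 plays patient zero: it touches 12 distinct peers within 30 seconds
# (scanning) ...
for i in range(12):
    SAMPLE_EVENTS.append(Event(ts=i * 2, src="ws-07", dst=f"ws-{20 + i:02d}", kind="conn"))
# ... and then tries three passwords against each of six of them.
for i in range(6):
    for attempt in range(3):
        SAMPLE_EVENTS.append(Event(ts=40 + i * 3 + attempt, src="ws-07",
                                   dst=f"ws-{20 + i:02d}", kind="logon_fail"))
# ws-02 is a normal user: a few connections and one mistyped password.
SAMPLE_EVENTS += [
    Event(ts=5, src="ws-02", dst="fs-01", kind="conn"),
    Event(ts=9, src="ws-02", dst="print-01", kind="conn"),
    Event(ts=300, src="ws-02", dst="fs-01", kind="logon_fail"),
    Event(ts=304, src="ws-02", dst="fs-01", kind="conn"),
]


def _fan_out(events, kind, window, min_targets, min_events=1):
    """Return the set of source hosts that, within any `window` seconds,
    generated >= min_events events of `kind` against >= min_targets
    distinct destinations."""
    flagged = set()
    by_src = defaultdict(list)
    for e in events:
        if e.kind == kind:
            by_src[e.src].append(e)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        for i, first in enumerate(evs):
            targets, count = set(), 0
            for e in evs[i:]:
                if e.ts - first.ts > window:
                    break
                targets.add(e.dst)
                count += 1
            if count >= min_events and len(targets) >= min_targets:
                flagged.add(src)
                break
    return flagged


def detect_scan(events, window=60, min_targets=10):
    """Reconnaissance: one host contacting many distinct peers quickly."""
    return _fan_out(events, "conn", window, min_targets)


def detect_password_guessing(events, window=120, min_failures=10, min_targets=3):
    """Lateral movement by password guessing: many failed logons from one
    host spread across several targets (a hard-coded password list being
    tried against each discovered machine)."""
    return _fan_out(events, "logon_fail", window, min_targets, min_events=min_failures)


def triage(events):
    """Map each suspicious host to the attack phases it was seen in."""
    phases = defaultdict(list)
    for src in sorted(detect_scan(events)):
        phases[src].append("reconnaissance")
    for src in sorted(detect_password_guessing(events)):
        phases[src].append("lateral-movement")
    return dict(phases)


if __name__ == "__main__":
    for host, seen in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(seen)}")
```

With the constructed sample only ws-07 is reported, and for both phases; ws-02's three connections and single failed logon stay below the thresholds. In practice the thresholds would be tuned per environment, and a host that trips the reconnaissance rule is the natural place to start containment before the lateral-movement rule ever fires.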
About Javelin AD|Protect
Javelin AD|Protect is a single on-premise software platform that protects Active Directory by combining artificial intelligence, obfuscation and advanced forensic methodologies at the entry point of a breach (endpoint/edge server). Responding automatically in real time, it is the only agentless solution that detects and contains attackers immediately after they compromise a machine but before they move further into the network. It prevents attackers from using a computer's native Active Directory credentials and moving laterally to other computers undetected. Javelin greatly reduces the effort, time, and error involved in detecting and containing a breach. No other product is faster, less impactful, or harder for an attacker to detect.
Feel free to reach out – firstname.lastname@example.org