"Bad Rabbit" Ransomware

Last week, a new form of ransomware began making its rounds through Eastern Europe, and has spread to several other countries.  This new ransomware is similar to the WannaCry and Petya outbreaks that happened earlier this year.  At this time, it is unclear how far this threat has or will spread.  JSCM Group is staying on top of its activity, and wants to ensure all of our clients are protected.

For our WatchGuard clients, there are several things that need to be done to ensure you are not susceptible to this new threat.

  • WatchGuard has released a signature to identify Bad Rabbit through Gateway Antivirus.  It is important you ensure your GAV is updated with the most recent signatures.
  • APT Blocker was immediately able to identify the threat when it was released, if the service is configured correctly.
  • Threat Detection & Response (TDR) can detect Bad Rabbit files on the network, and can quarantine them if the service is configured correctly.  Also, the Host Ransomware Prevention (HRP) portion of TDR has been updated to identify these files.

If you do not currently have TDR or APT Blocker licensed on your device, please contact us so that we can assist you in adding them to your licensing.  If you do currently have these services and want to ensure they are configured correctly, please Contact Us so that one of our WatchGuard experts can review your configuration and ensure your network is properly secured.