On Tuesday, Carbon Black’s community of security experts began working together with Carbon Black Threat Research to rapidly analyze the new ransomware family that was hitting organizations from Russia to Britain. More than 100 customers and partners communicated IOCs as the attack hit.
“I heard about this attack in the news and pivoted into the Cb User Exchange community,” said Caleb Crosmun, System Engineer at SMI. “I utilized Carbon Black’s metadata to import pre-identified hash rules to harden systems. With Cb products all IOCs were pre-banned across all endpoints prior to infection. The analysis, workflow and IOCs provided by security experts in the User Exchange were most helpful.”
Even throughout the night customers continued to share IOCs and watchlists. Here are a few highlights of what they shared:
Over 4,000 security professionals absorbed this information in the User Exchange community. Kevin Kraft, IT Director at Bowman and Company LLP was one of the thousands browsing through this data.
“After hearing about this attack on Twitter, it was most helpful to read other user’s’ experiences in the community and information they acquired from various sources,” said Kraft.
Carbon Black’s online User Exchange is made up of 8,000+ customer and partners from around the globe. When you become a Cb customer you automatically have access to thousands of security experts with eyes on threat intelligence. These independent researchers are proactively threat hunting and providing real-time data to help you combat threats.
Although the discovery of new threat variants can be stressful, we’re incredibly grateful to our customers for jumping in and doing research to benefit the entire Cb community.
To see the Carbon Black Threat Research complete technical teardown of the attack, click here.