Please note we have recently updated our Privacy Policy, effective May 24, 2018. You may view the updated Privacy Policy here.
By using this website, you consent to the use of information that you provide us in accordance with the Privacy Policy.


Cb Defense’s ‘Streaming Ransomware Prevention’ Stops Bad Rabbit in Its Tracks

October 25, 2017 / Jimmy Astle

On October 24, a large-scale ransomware campaign spread across Europe, in campaigns closely mimicking the NotPetya attacks from earlier this year.

Bad Rabbit appeared to infect machines via a drive-by-download that prompted the user to download a fake Adobe Flash installer. No exploits were used during initial infection. Once executed, Bad Rabbit shared similar worming capabilities as NotPetya & WannaCry.

The default and advanced policies shipping in Cb Defense block Bad Rabbit before any signatures/hashes were identified.

“Not_listed/Unknown” files invoking ransomware-like behavior is very effective against these “commodity” ransomware strains:

Process tree of a Bad Rabbit termination:

Cb Defense Streaming Prevention TTP’s associated with Bad Rabbit (Note the streaming prevention TTPs of “access_data_files”, “data_to_encrypt”):

What a block looks like to an end user:

About Streaming Ransomware Prevention

The newest release of Cb Defense uses “Streaming Ransomware Prevention,” expanding on Carbon Black’s breakthrough “Streaming Prevention” technology. This innovation leverages event-stream processing, the same technology that revolutionized algorithmic day-trading, to continuously update risk profiles based on a stream of computer activity. When multiple, potentially malicious events occur in a cluster, Cb Defense blocks the attack, whether file-based or fileless. By building upon an event-stream model, rather than the file-based signature approach used by ineffective legacy antivirus solutions, Cb Defense is able to:

  • Detect and prevent ransomware attacks, even if the attack uses an unknown file or no file at all.
  • Work online or offline, protecting systems from dangerous ransomware, even if they are disconnected from the corporate network or the cloud.
  • Enable smooth operations with virtually no performance impact for end-users.



Bad Rabbit

For more information about the rise of ransomware, and what you can do about Bad Rabbit, check out the Ransomware Epidemic: Stop Bad Rabbit In Its Tracks webcast hosted by Rick McElory, Security Strategist at Carbon Black.

Watch It Here


TAGS: Bad Rabbit / Carbon Black / Cb Defense / ransomware / Streaming Ransomware Prevention