Cb Defense’s ‘Streaming Ransomware Prevention’ Stops Bad Rabbit in Its Tracks

October 25, 2017 / Jimmy Astle

On October 24, a large-scale ransomware campaign spread across Europe, closely mimicking the NotPetya attacks from earlier this year.

Bad Rabbit appeared to infect machines via a drive-by download that prompted the user to download a fake Adobe Flash installer. No exploits were used during initial infection. Once executed, Bad Rabbit showed worming capabilities similar to those of NotPetya and WannaCry.

The default and advanced policies shipping in Cb Defense blocked Bad Rabbit before any signatures or hashes were identified.

Blocking “Not_listed/Unknown” files that invoke ransomware-like behavior is very effective against these “commodity” ransomware strains:

Process tree of a Bad Rabbit termination:

Cb Defense Streaming Prevention TTPs associated with Bad Rabbit (note the streaming prevention TTPs “access_data_files” and “data_to_encrypt”):

What a block looks like to an end user:

About Streaming Ransomware Prevention

The newest release of Cb Defense uses “Streaming Ransomware Prevention,” expanding on Carbon Black’s breakthrough “Streaming Prevention” technology. This innovation leverages event-stream processing, the same technology that revolutionized algorithmic day-trading, to continuously update risk profiles based on a stream of computer activity. When multiple, potentially malicious events occur in a cluster, Cb Defense blocks the attack, whether file-based or fileless. By building upon an event-stream model, rather than the file-based signature approach used by ineffective legacy antivirus solutions, Cb Defense is able to:

  • Detect and prevent ransomware attacks, even if the attack uses an unknown file or no file at all.
  • Work online or offline, protecting systems from dangerous ransomware, even if they are disconnected from the corporate network or the cloud.
  • Enable smooth operations with virtually no performance impact for end-users.
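
An added illustration of the event-stream idea described above, not Carbon Black's implementation: a sliding-window scorer that blocks a process only when weighted behaviors from a not-listed file cluster in time. The weights, window, threshold, PIDs, the "TRUSTED" label and the sample events are assumptions constructed for the example; the two TTP names and the not-listed/unknown reputation come from this page.

```python
from collections import defaultdict, deque

# Assumed values for illustration only; a real product tunes these differently.
TTP_WEIGHTS = {"access_data_files": 3, "data_to_encrypt": 5}
WINDOW_SECONDS = 10          # how long an event keeps contributing to risk
BLOCK_SCORE = 10             # rolling score at which the process is blocked
UNTRUSTED = {"NOT_LISTED", "UNKNOWN"}

class StreamScorer:
    """Keeps a rolling risk score per process and flags clustered TTPs."""
    def __init__(self):
        self.recent = defaultdict(deque)   # pid -> deque of (timestamp, ttp)
        self.blocked = set()

    def observe(self, ts, pid, reputation, ttp):
        if pid in self.blocked:            # once blocked, stays blocked
            return "block"
        if reputation not in UNTRUSTED or ttp not in TTP_WEIGHTS:
            return "allow"                 # trusted files are not scored here
        window = self.recent[pid]
        window.append((ts, ttp))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()               # expire events outside the window
        score = sum(TTP_WEIGHTS[t] for _, t in window)
        distinct = {t for _, t in window}
        if score >= BLOCK_SCORE and len(distinct) >= 2:
            self.blocked.add(pid)          # several behaviors, close together
            return "block"
        return "allow"

# Constructed sample stream: (seconds, pid, reputation, ttp)
EVENTS = [
    (0.0, 100, "TRUSTED", "access_data_files"),      # known backup tool
    (0.5, 200, "NOT_LISTED", "access_data_files"),
    (1.0, 200, "NOT_LISTED", "access_data_files"),
    (1.2, 100, "TRUSTED", "data_to_encrypt"),
    (1.5, 200, "NOT_LISTED", "data_to_encrypt"),     # cluster completes here
    (2.0, 200, "NOT_LISTED", "access_data_files"),
    (5.0, 300, "NOT_LISTED", "access_data_files"),
    (40.0, 300, "NOT_LISTED", "data_to_encrypt"),    # too far apart to cluster
]

def run(events):
    scorer = StreamScorer()
    return [scorer.observe(*event) for event in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, run(EVENTS)):
        print(event, "->", verdict)
```

No hash or signature appears anywhere in the decision, which is why an unknown file can still be stopped, and the scorer needs no network lookup to reach a verdict.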




For more information about the rise of ransomware, and what you can do about Bad Rabbit, check out the “Ransomware Epidemic: Stop Bad Rabbit In Its Tracks” webcast hosted by Rick McElroy, Security Strategist at Carbon Black.

