iTecs Protected Customers from BadRabbit ransomware

iTecs Protected Customers from the Badrabbit ransomware at zero hour

There is a new wave of ransomware attacks, #BadRabbit, launched on October 24th, that has hit the market worldwide.  The attacks originated in Ukraine and Russia, and have spread and affected critical infrastructures.

Our Elite Antivirus Software Suite detected this at zero hour, as early as July 2017, three months before this ransomware hit prime-time, October 24th. The Elite suite features tunable machine learning models. This particular model that detected BadRabbit was created in April 2017, which goes to show the prediction power of iTecs partner's well-crafted machine learning models.

We all know that ransomware or malware can strike companies well before it becomes widespread. Ensure your organization is protected at zero hour. Our Elite Antivirus  Suite is the solution for your organization!

Learn more about how we can help protect your computers at our Total Security Managed Antivirus page.

What we know so far

Bad Rabbit is extremely similar with GoldenEye / NotPetya both structurally and as a broader focus. It targets Ukrainian critical infrastructure and is highly viral due to its implementation of Mimikatz which lets it move from one infected workstation to another across an organization. It also features disk encryption via the DiskCryptor driver so it can interfere with the normal boot process and prevent the computer from starting up.

Last, but not least, while the ransomware component references Game of Thrones characters, it also has a process hashing routine extremely similar to what GoldenEye used to verify what security solutions were installed locally prior to encrypting the MBR.