Applicable Products:
CounterACT is NOT Vulnerable to this Malware. We provide a mitigation via the use of Security Policy Template
Description:
On Oct 24th, ESET reported outbreak of new ransomware infections spreading globally through many countries around the world. US-CERT has escalated this and confirmed this as a suspected variant of Petya. Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it.
Security Policy Templates, version 17.0.10.1006 is available. This release contains the new policy template to address the Bad Rabbit infestation. In addition, it also includes the templates for IoT Reaper and WPA2 KRACK vulnerabilities that were released in Security Policy Template v17.0.10.
Policies created with the “Bad Rabbit” template evaluates whether the endpoints in the policy scope are vulnerable to Bad Rabbit ransomware. Endpoints not yet infected can be “vaccinated” by running a VBS script on the endpoint that creates a file which prevents infection.
Legal Disclaimer
THIS NOTIFICATION IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION IN THIS ALERT OR MATERIALS LINKED FROM THIS ALERT IS AT YOUR OWN RISK. FORESCOUT RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ALERT AT ANY TIME.
© 2017. Forescout Technologies, Inc. is a privately held Delaware corporation. Forescout, the Forescout logo, ControlFabric, CounterACT Edge, ActiveResponse and CounterACT (as applicable) are trademarks or registered trademarks of Forescout. Other names mentioned may be trademarks of their respective owners.