Yet another ransomware campaign called BadRabbit has recently started to spread. Not to worry though, Flowmon helps to detect the BadRabbit as well as other rising threats and allows you to react immediately.
After WannaCry and Petya, the BadRabbit is another ransomware campaign of this year. Although it is not as spread as previous ransomware it still creates havoc in infected enterprise networks. The BadRabbit is in some ways similar to WannaCry and Petya ransomware - it uses the same exploit EternalRomance (SMB v1 vulnerability) to spread across the enterprise network. Users get infected after visiting infected websites and installing fake flash player update. And after that, users go down the BadRabbit hole…
To prevent the damage and protect our customers, we have updated behavior patterns used in Flowmon ADS to detect Petya (more about Petya detection here) with detection of BadRabbit ransomware. Customers are now automatically alerted when BadRabbit infects their networks. Do you want to know how we do it?
Detecting Rising Threats
Activity of majority of malware can be seen in the network traffic. Port scanning, communication with C&C servers, high data transfers or anomalies in network protocols are just some of the indicators of infected hosts in the network. Such indicators of compromise represented by anomalies and changes in the host's behavior can be easily detected by Flowmon ADS.
Different malware leaves different footprints. To detect such footprints and malware infection, we create patterns of the malware behavior and distribute it to our customers with Flowmon ADS (with valid support). By updating “Flow-based Behavior Pattern” detection method we help our customers to protect themselves against rising threats including recent BadRabbit ransomware. Moreover, customer can create their own behavior patterns using SQL-like syntax to detect various operational and security incidents (example of WannaCry detection).
If you are interested in more information, check the video below focused on detecting rising threats using behavior patterns in Flowmon ADS.
Martin Skoda
View all posts from Martin Skoda on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.
Comments
Topics
Sitefinity Training and Certification Now Available.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.
Learn MoreMore From Progress
Latest Stories
in Your Inbox
Subscribe to get all the news, info and tutorials you need to build better business apps and sites