Cisco Blogs

Threat Spotlight: Follow the Bad Rabbit

- October 24, 2017 - 4 Comments

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.

On October 24, 2017, Cisco Talos was alerted to a wide-scale ransomware campaign affecting organizations across Eastern Europe and Russia. As was the case in previous situations, we quickly mobilized to assess the situation and ensure that customers remain protected from this and other threats as they emerge across the threat landscape.

There have been several large-scale ransomware campaigns over the last several months. This campaign appears to have some similarities to Nyetya in that it is also based on Petya ransomware, although major portions of the code appear to have been rewritten. The distribution does not appear to have the sophistication of the supply chain attacks we have seen recently.

Read More >>

4 Comments

  1. Is updating to the latest signature on NGIPS necessary? I see on the web that Cisco has a rule update, Sourcefire Rule Update 2017-10-25-001.

      The primary research post on talosintelligence.com is consistently being updated as further analysis is completed. Please continue checking back on that post (using the "Read More" link) for updates and in-depth details.

  2. Are there any signatures related to IPS which we need to update in Firepower?

      Please see the coverage and IOC sections of the research post for details. That post is being updated as more and more analysis is completed.
