BadRabbit Ransomware – How to implement a vaccine to prevent infection

Here I demonstrate how you can deploy a super-simple vaccine to prevent against BadRabbit ransomware. This sample relies on being able to write to the C:Windows directory, and writing a file the malware relies on and removing the file permissions of that file will protect you against this strain.

This method of identifying a vaccine can be used on many other samples and hopefully will enable you to prevent malware infection in your environment.

Sample:
MD5: fbbdc39af1139aebba4da004475e8839

Blogs you should definitely read:

BadRabbit: a closer look at the new version of Petya/NotPetya

http://blog.talosintelligence.com/2017/10/bad-rabbit.html

https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis

If you like this video, please press like.
If you love the video, please subscribe to my channel.
If you want to talk malware, follow me https://twitter.com/cybercdh

Enjoy!

5,155
Views