Sophos is aware of a widespread ransomware attack that is affecting several organizations in multiple countries. It is known as Bad Rabbit and has similarities to the recent Petya/NotPetya ransomware attack that affected Ukraine and other countries. Initial reports indicate that Bad Rabbit is mainly affecting Russian organizations, but other countries are affected as well.
Sophos Intercept X and Exploit Prevention customers were protected against this attack proactively with no updates required.
The investigation of this threat is still ongoing and this article will be updated with more information as it becomes available.
For more information about protection in other Sophos products, see the table below.
Follow any actions needed for the Sophos products you are using, as detailed in the "Are Sophos customers protected?" section above.
Additionally, Sophos recommends following the Anti-Virus and HIPS best practice settings and checking that computers are running the latest updates.
The table below provides a timeline of new/additional protection created for this threat.