GREYCORTEX is happy to report that it is able to detect the BadRabbit ransomware. This ransomware appeared in Eastern Europe (Russia, Ukraine) but has begun to spread across several countries including South Korea, Poland, the Baltic, and regions. It uses an NSA-based exploit known as “EternalRomance” to enter networks and spreads over SMB.

GREYCORTEX Mendel is able to detect this ransomware in two different ways:

  • Mendel’s integrated ruleset includes a rule specifically detecting the BadRabbit ransomware.
  • Independently of this IDS rule, Mendel’s advanced artificial intelligence and machine learning detect the ransomware’s anomalous port sweep activity.

This detection capability demonstrates that Mendel can identify unknown threats before rules are created in rules-based security tools. Mendel gives network security teams vital extra time to protect their networks.

 

 
