Bad Rabbit Ransomware Gets Quick Kaseya Fix

 

Last month researchers came across a new ransomware attack dubbed Bad Rabbit. It initially targeted Russian, Ukrainian, Turkish, and German users, but it has the ability to spread elsewhere.

How Bad Rabbit Works

Bad Rabbit, a drive-by exploit, performs its mischief by spreading a fake Adobe Flash installer that victims themselves install. The bad Flash installer comes from an array of websites that end users may visit. Like most ransomware, Bad Rabbit is based in part on a previous exploit, in this case sharing code with ExPetr ransomware, and may come from the same attacker.

Learn more about Bad Rabbit in the article, Bad Rabbit — Ten Things You Need to Know About the Latest Ransomware Outbreak.

Hopping to a Fix

Fortunately, Kaseya customers have access to a quick vaccine fix with the help of Kaseya Automation Exchange, a community of users and Kaseya professionals who share scripts, tips, automation tools, and fixes to security issues and exploits.

There have been over 414 downloads of the free vaccine fix  that works with VSA by Kaseya so far. The fix is “an Agent Procedure to protect Windows endpoints against the Bad Rabbit Malware.

The procedure create two files (C:\Windows\cscc.dat and C:\Windows\infpub.dat) and disables inheritance from these files,” the Automation Exchange website said.

Most of the downloads are from MSPs that now protect thousands of client endpoints against the Bad Rabbit exploit.

Kaseya believes in the importance of the extensibility of VSA, is committed to developing fixes to critical situations, and understands the effectiveness of Automation Exchange to make this capability immediately available to customers. As part of this, it has put in place a rapid response team run by Kaseya’s Automation Engineer to monitor and remediate new high profile exploits.

Kaseya Automation Exchange Story

The Kaseya Automation Exchange was built to help users of VSA by Kaseya benefit from all the other Kaseya VSA customers who have built custom automation. Automation Exchange is a community-sourced, online, open market for sharing, buying, and selling agent procedures, scripts, monitoring sets, reports, templates, and other types of system and network automation.

For new MSPs that don’t have the time or the know-how to build custom automation, ready-made solutions are available on the Exchange. This saves time and money. Mature MSPs already build on their automation solutions they use in-house. Now they can monetize these efforts by selling solutions on the exchange or help the community by giving them away.

Kaseya also shares solutions built by in-house experts.

Available solutions include:
• Cloud unification from Unigma
• Spybot
• MSP Assist Ticket Management
• PowerShell for Kaseya
• Kaseya NOC Dashboard

One Kaseya customer finds Automation Exchange to be critical. “Automation is essential to our success and our ability to scale,” said Brian Tirado, support team manager, Occidental Technical Group. “The challenge has always been the lack of time, resources, or simply the know-how to build it. With Automation Exchange, we can not only share our own automation scripts that work for us, but also take advantage of scripts created by other members of this open ecosystem. Automation Exchange is an invaluable resource that enables us to better serve our customers.”

For MSPs, Kaseya Automation Exchange can subsidize the cost of creating automation by selling your solutions online. It can even turn into a profit center.

With more than 700 contributors and thousands of downloads per week, Automation Exchange taps into the strong, collective knowledge and expertise of Kaseya’s community to further the company’s commitment to openness, interoperability, and vendor neutrality.

Categories include:

• Agent procedures
• Integrations
• Monitor set
• Reports
• Scripts

To learn more, head over to Automation Exchange. Signing up and sharing your solutions is a snap.

 

dougbarney

Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.

Leave a Reply

Your email address will not be published. Required fields are marked *