
Bad Rabbit Ransomware - Outbreak filters of ESA

pbabu6001
Level 1

Hi Support team,

Could you please let us know how I can check whether the Rabbit Ransomware has been updated in ESA or not?

Do I need to check for Outbreak filters or Anti-Virus?

Many thanks!

3 Replies

Libin Varghese
Cisco Employee

AMP (Advanced Malware Protection) and Sophos anti-virus on ESA should be blocking all known variants of Bad Rabbit ransomware.

Please go through the following articles for more information:
https://community.sophos.com/kb/en-us/127730
https://nakedsecurity.sophos.com/2017/10/24/bad-rabbit-ransomware-outbreak/
http://blog.talosintelligence.com/2017/10/bad-rabbit.html

 

Regards,

Libin Varghese

Hi Libin,

Thanks for your information.

 

We have enabled SOPHOS anti-virus on our ESA, but not AMP.

Is there any impact on our users as we are not using AMP regarding this threat?

 

Many thanks!

Adding AMP as an additional layer of scanning would definitely be helpful.

 

Do note that AMP performs dynamic analysis of the attachment as it is received, while Sophos uses IDE rules pushed to the appliance to determine malicious content.

Both scanning engines have completely different ways of functioning, and the recommendation would always be to use both to stay protected against unknown variants of the threat.

 

Regards,

Libin Varghese