# Palo Alto Networks Protections Against Bad Rabbit Ransomware Attacks

By [Samantha Pierre](https://www.paloaltonetworks.com/blog/author/samantha-pierre/?ts=markdown "Posts by Samantha Pierre")

Oct 24, 2017

## What Happened

On Tuesday, October 24, a new variant of ransomware called Bad Rabbit began spreading throughout Eastern Europe. These attacks reportedly impacted multiple organizations in Russia, Ukraine, Turkey, and other countries within the region.

Our Next-Generation Security Platform automatically created, delivered and enforced protections from this attack.

Bad Rabbit gains initial entry by posing as an Adobe Flash update. Once inside a network, it spreads by harvesting credentials with the Mimikatz tool as well as using hard-coded credentials. Bad Rabbit is similar to Petya/NotPetya insofar as it encrypts the entire disk.

For a detailed analysis of the Bad Rabbit attack playbook, please see our blog from the [Unit 42 threat research team](https://www.paloaltonetworks.com/blog/2017/10/threat-brief-information-bad-rabbit-ransomware-attacks/?ts=markdown).

## Preventions

Palo Alto Networks customers are protected through our Next-Generation Security Platform, which provides prevention through automation, applied consistently across the network, endpoint and cloud. Palo Alto Networks customers are protected from Bad Rabbit ransomware through multiple complementary prevention controls across the platform, including:

* **WildFire** classifies all known samples as malware, automatically blocking malicious content from being delivered to users.
* **AutoFocus** tracks the attack for threat analytics and hunting via the [Bad Rabbit tag](https://autofocus.paloaltonetworks.com/#/tag/Unit42.BadRabbit).
* **Threat Prevention** enforces protections for malicious payloads and DNS activity, including:
  * Antivirus signatures:
    * Unique Threat IDs: 187795407 and 187792728, as well as the "Trojan/Win32.ransom.pme" and "Trojan-Ransom/Win32.gen.eian" signature names.
  * DNS signatures:
    * Unique Threat ID: 187797549
* **URL Filtering** blocks all known injection URLs.
* **GlobalProtect** extends WildFire and Threat Prevention protections to ensure consistent coverage for remote locations and users.
* **Traps** uses its multi-method approach to prevent the malware from being executed on the endpoint automatically via integrated threat analysis and sharing with WildFire.
* **Block Portable Executables (PEs)** according to file blocking best practices, preventing malicious payloads from being delivered to users.
* **Multi-Factor Authentication (MFA)** can stop the usage of valid credentials, which were potentially leveraged to infect additional systems across the network.

**NOTE:** We are continuously monitoring the Bad Rabbit situation and will update this post with additional details on protections as they arise.

For best practices on preventing ransomware with the Palo Alto Networks Next-Generation Security Platform, please refer to our [Knowledge Base article](https://live.paloaltonetworks.com/t5/Featured-Articles/Best-Practices-for-Ransomware-Prevention/ta-p/74148).

We strongly recommend that all Adobe users take additional steps to protect themselves by only getting Adobe Flash updates from the Adobe web site.

For the latest on the Bad Rabbit attack playbook, please see the [Threat Brief: Information on Bad Rabbit Ransomware Attacks post](https://www.paloaltonetworks.com/blog/2017/10/threat-brief-information-bad-rabbit-ransomware-attacks/?ts=markdown).

## Version Summary

October 24, 2017 2:30 p.m. PT

* Initial Publication

October 25, 2017 11:00 a.m. PT

* Added details on Traps