All Products: What configuration needs to be setup to protect against Qakbot Ransomware?
book
Article ID: 288584
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)Carbon Black Cloud Endpoint Standard (formerly Cb Defense)Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)Carbon Black EDR (formerly Cb Response)Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
What configuration needs to be setup in to protect against Qakbot a.k.a. Qbot/QuackBot/PinkslipBot Ransomware?
Environment
Carbon Black Cloud: All Versions
EDR (formerly CB Response): All Versions
App Control (formerly CB Protection): All Versions
Resolution
The Threat Research team has reviewed this and have prepared a document with recommended configurations: https://community.carbonblack.com/t5/Threat-Research-Docs/TAU-TIN-Qakbot/ta-p/113460
Additional Information
The TAU-TIN team regularly publish articles on critical vulnerabilities and how to best prevent attacks. Follow the Threat Research space for the latest updates.