Threat Analysis Unit (TAU) Threat Intelligence Notification: SNAKE Ransomware
A new enterprise-targeting ransomware named ‘SNAKE’ was recently discovered. Similar to other ransomware variants, it stops numerous processes and services, such as antivirus software, and deletes volume shadow copies so that the data cannot be restored easily. After...
Threat Analysis Unit (TAU) Threat Intelligence Notification: Snatch Ransomware
At the end of 2019, a ransomware named ‘Snatch’ was discovered. Snatch ransomware forces Windows to reboot into Safe Mode, where most software and system drivers are not running, in order to perform the file encryption process. Similar to the other variants of ransomware, ...
Taking Reputation to Scale: An Iterative Journey with an Agile Approach (Part 2)
In Part 1 of this blog, we shared with you the challenges we had in balancing latency, scalability, and cost for our reputation services. In this blog, we’ll give you some insights into each major iteration along that journey, from the beginning to where we are now. 100 requests per second. Befor...
Taking Reputation to Scale: The Delicate Balance of Latency, Scale, and Cost (Part 1)
When it comes to serving reputation, even a millisecond of latency could create havoc, resulting in the unwanted spread of malware and causing costly consequences that no security company or customer wants. And that’s why we, as engineers here at Carbon Black, are constantly working towards...
CB TAU Threat Intelligence Notification: GermanWiper Ransomware
GermanWiper Ransomware was found distributed via a spam email campaign in Germany. It’s a data-wiping malware and the ransom note was written in German. The malware pretends to be ransomware but is actually a wiper that destroys the data instead of encrypting it. Figure 1: Screenshot of th...
CB TAU Threat Intelligence Notification – Karagany Malware
Secureworks recently reported on an update to the Karagany malware last month. The malware is used by the IRON LIBERTY threat group, also known as DragonFly2.0 and Energetic Bear, targeting energy companies and organizations. Carbon Black Threat Analysis Unit (TAU) provides the product rules ...
Partner Perspectives: Accelerated Alert Handling from Syncurity and Carbon Black
JP Bourget is the Founder and CSO of Syncurity. One of the key Security Orchestration, Automation and Response (SOAR) use cases I see every day is alert handling. As more and more organizations adopt EDR solutions, like those offered by Carbon Black, Syncurity IR-Flow is able to speed up the alert...
CB TAU Threat Intelligence Notification: Email VBS Downloader Connects to C2 Server, Downloads Trickbot Payload
Carbon Black recently learned that a customer had received a malicious email with an attached zip file containing a malicious VBS script file. This malicious VBS downloader will connect to a Command & Control server and then download a malicious payload which contains Trickbot onto the victim’s...
CB TAU Threat Intelligence Notification: GandCrab 5.2 Ransomware Attempts to Delete Volume Shadow Copies
GandCrab 5.2 ransomware will append seven randomly generated strings as the file extension to each encrypted file and drop a ransom note named as ‘generated file extension-MANUAL.txt’, for example, “office.doc.uahmthl” and “UAHMTHL-MANUAL.txt”. It will also change the desktop background of the...
CB TAU Threat Intelligence Notification: CryptoMix Clop Ransomware Disables Startup Repair, Removes & Edits Shadow Volume Copies
Summary: A new variant of CryptoMix Clop ransomware has been distributed as a binary that is digitally signed and verified, which makes it look like a legitimate executable. In addition, CryptoMix Clop ransomware will append ‘.clop’ or ‘.ciop’ as a file extension to the encrypted file and drop a...
CB Customer Spotlight: Q&A with Ritter Insurance Marketing’s Dan McLellan
Dan McLellan is a Network Support Specialist at Ritter Insurance Marketing, and uses the Carbon Black community to increase his security knowledge and share information with his colleagues. Having access to insights from other security professionals has not only shortened the time he spends tryin...
Small Business Benefits of Moving to the Cloud: Ease of Use
If you’re a security professional at a small business, odds are you’re looking for a solution that isn’t overly complicated and doesn’t require a huge amount of oversight. At Carbon Black, we understand that your security and IT Ops teams are understaffed and your budget is stretched thin...
Partner Perspectives: Orchestrating Endpoint Security with CyberSponse and Carbon Black
Amit Jain is the Principal Technical Product Manager at CyberSponse. Today's network security infrastructures are complex beasts. Increasing mobile and cloud deployments have made managing endpoint security more challenging than ever before. The dynamic and ever-evolving nature of today’s...
Excerpts From “Why Companies Are Replacing AV with Advanced Endpoint Security”
Is legacy antivirus failing to keep your endpoints secure? In Carbon Black's recent webinar, Fulcanelli Chavez, Sr. Security Operations Analyst at D.A. Davidson, shared how switching from McAfee to Cb Defense has improved protection and simplified operations for his team. Below are excerpts from...
Using MITRE ATT&CK When Researching Attacker Behavior in a Post-Compromise World
MITRE ATT&CK is arguably one of the best assets available to security professionals who want to dive into the intricacies of detecting and preventing adversary behaviors. Why is that? It’s a great knowledge base of known adversarial behaviors overlayed with attacker TTPs and their state in the...
SC Media Awards Cb Defense, Cb ThreatSight 5 Out of 5 Stars
"During testing, Cb Defense performed as a top-quality endpoint security program…Great intuitive cloud platform with an armament of modern security technologies with a quick implementation into your business environment." - SC Media "Carbon Black also offers Cb ThreatSight as an add-on, which is...
Cb ThreatSight Investigation Reveals RETADUP Worm Leverages AutoIt to Launch Monero Cryptomining Campaign
While monitoring a customer’s environment, the Carbon Black ThreatSight team discovered a series of unusual alerts. Further investigation of the suspect processes revealed these alerts were related to an attacker leveraging the open-source Monero framework to launch a crypto-mining campaign. Afte...
Carbon Black’s Predictive Security Cloud (PSC) To Help Power Newly Launched IBM X-Force Threat Management Services
Today is another exciting day for Carbon Black and IBM! This morning we announced Carbon Black has expanded its relationship with IBM Security as the Cb Predictive Security Cloud (PSC)™ will be part of the newly launched IBM X-Force Threat Management Services to further combat advanced threats acro...
Cloud & Big Data: The Future of Security – Carbon Black & VMware’s 15-City Tour “Cloud Force Security” Kicks Off Feb. 20!
Endpoint Security is Broken Attackers are innovating faster than traditional defenses can keep up. In response, the security stack has become too complicated as more products that don’t work together are introduced to fill the gaps. There is a better way. Organizations are moving their endpoint a...
January Release Brings Improved Enterprise Management to Cb Defense
As a network of computers gets larger, the challenges and risks of keeping systems consistently protected and in compliance increase. This means that, with a huge number of dispersed endpoints to keep watch over, security administrators at enterprise organizations often spend too much time deployin...