What Is Bad Rabbit Ransomware?

Imagine you’re working on your device and suddenly find that you can’t access your files. You might be a victim of a Bad Rabbit ransomware attack.


Although the first instance of this attack was against organizations in Ukraine and Russia, Bad Rabbit ransomware has become quite common, affecting individuals globally.


What Is a Bad Rabbit Ransomware Attack?

Bad Rabbit ransomware is a type of malicious software that hackers use to encrypt data on a computer or network so that they can demand a ransom from the victim to unlock it. It was first discovered in 2017 and is believed to be a variant of the Petya ransomware, a notorious malware attack.

Although a way to crack the Petya ransomware has been developed, threat actors have tweaked their tactics and increasingly use the Bad Rabbit ransomware.

Bad Rabbit attackers typically request Bitcoin payments in exchange for a decryption key to unlock the files. Note that only unpatched systems running Windows 7 or a newer version of Windows are susceptible to Bad Rabbit ransomware attacks.

This ransomware doesn’t employ traditional methods, i.e. spreading via phishing emails. Instead, the creator (who is strangely obsessed with Game of Thrones and reflects this with references in the malware’s code) embeds the ransomware in websites, using JavaScript injected into the site’s HTML code.

The owners of these sites containing the ransomware may not know that the Bad Rabbit is hidden on their service.

How Does Bad Rabbit Ransomware Work?

This ransomware uses the EternalBlue exploit, created by the NSA and leaked in 2017. This exploit targets vulnerabilities within Microsoft’s Server Message Block (SMB) protocol, which is used for file and printer sharing.

When a computer is running a vulnerable version of the SMB protocol, an attacker can use this protocol to scan for open shares and propagate the malware to other computers.

Furthermore, Bad Rabbit ransomware can spread by injecting code into the process of explorer.exe, which also causes the malware to move from one machine to another over network connections.

According to PCRisk, victims of Bad Rabbit ransomware typically receive a similar version of this text:

Oops! Your files have been encrypted.

If you see this text, your files are no longer accessible. You might have been looking for a way to recover your files. Don’t waste your time. No one will be able to recover them without our decryption service. We guarantee that you can recover all your files safely. All you need to do is submit the payment and get the decryption password… If you have already got the password, please enter it below.

Password#1: –

The note also includes a website address where the payment can be made.

When you try to access your servers or files on your PC and text like the one above pops up, your computer has been infected. You will likely be asked to pay a specific fee before a deadline. But many victims have reported that their files were still inaccessible even after paying the ransom.

So even if you pay, you might not get your data back.

If you unknowingly download this ransomware, it won’t automatically install; you have to launch the downloaded file, which is presented as an Adobe update, for Bad Rabbit to begin its operations. When spreading across computers in a network, the malware tries combinations of simple usernames and passwords to infect machines.

How to Recover Files After a Bad Rabbit Ransomware Attack

A Bad Rabbit attack is deadly, and file recovery can be tedious and time-consuming.

You can take numerous steps to recover your data. But before carrying these out, ensure your computer is disconnected from the internet to prevent the ransomware from encrypting even more of your files.

Restore from Backups

If you have a recent version of your files in a backup system, then all you need to do is restore them as soon as possible. But before doing so, make sure you eliminate the ransomware from your computer. This can be done by resetting your system to default settings. After resetting, you can safely restore your files from the backup.

Ransomware Decryption Tools

Security experts have developed various ransomware decryption tools. They help break the encryption on your files using complex algorithms that have been tested on different ransomware versions.

However, before using any tool, ensure you trust the source, as ransomware can also be disguised as a decryption tool. If you’re unsure, go to an IT professional.

Windows System Restore

System Restore, a feature in Microsoft Windows, allows you to return your computer to a previous time, called a restore point. You can restore system files, installed applications, Windows Registry, and even system settings.

This feature can come in handy when dealing with malware or a faulty software installation.

Here are the steps to use the System Restore tool on a Windows computer:

  • Head to the Start menu and type “Control Panel” into the search box.
  • After navigating to the app, search for and click on Recovery.
  • Then, tap the Open System Restore button.
  • Click on Next to launch the restore process.
  • Select your preferred restore point, and click on the respective Next button.

  • Confirm the restore point you selected, and click on the Finish button.
  • Wait for the restore process to complete, and restart your computer.

How to Prevent a Bad Rabbit Ransomware Attack

As rampant as Bad Rabbit attacks are, they can be prevented by strictly adhering to a few simple practices.

Update Your Operating System

Attackers exploit software vulnerabilities to gain access to a system or network. By updating your operating system and software with the latest security updates and patches, you can remove these vulnerabilities and reduce the risk of a ransomware attack.

Ransomware is often delivered via malicious links or attachments in emails or other messages. Avoid downloading attachments or clicking on links from unknown sources, as this reduces the risk of falling victim to an attack.

Backups and Firewalls

Bad Rabbit ransomware encrypts your files and holds them hostage until you pay the ransom. By regularly backing up your important data and storing it securely (i.e. disconnecting it from your machine), you can restore your files if they are encrypted by ransomware.

Also, firewalls and intrusion detection systems can help prevent unauthorized parties from accessing your network. By enabling these security features on all your devices, you can reduce the risk of a ransomware attack.

Passwords and 2FA

Use strong passwords and two-factor authentication when possible. They can help prevent unauthorized access to your system and reduce the risk of a ransomware attack. Note that malware can cause unusual network activity. Keep an eye out for this, and you will be able to respond to an attack swiftly.

Bad Rabbit Ransomware: Prevention Takes Precedence

Bad Rabbit ransomware can get into your computer and encrypt your files if you visit untrusted sites.

Prevention should be given precedence, but preparing an incident response plan can help you respond quickly and effectively if an attack does occur. The incident response plan should outline the steps to be taken in a ransomware attack, including how to contain the attack and restore data if prevention fails.
