What Is Bad Rabbit Ransomware?

Imagine you’re working on your device and suddenly find that you can’t access your files. You might be a victim of a Bad Rabbit ransomware attack.

Although the first instance of this attack was against organizations in Ukraine and Russia, Bad Rabbit ransomware has become quite common, affecting individuals globally.

What Is a Bad Rabbit Ransomware Attack?

Bad Rabbit ransomware is a type of malicious software that hackers use to encrypt data on a computer or network so that they can demand a ransom from the victim to unlock it. It was first discovered in 2017 and is believed to be a variant of the Petya ransomware, a notorious malware attack.

Although a crack code for the Petya ransomware has been developed, threat actors have tweaked their tactics and increasingly use the Bad Rabbit ransomware.

Bad Rabbit attackers typically request Bitcoin payments in exchange for a decryption key to unlock the files. Note that only unpatched Windows 7 and newer Windows OS are susceptible to Bad Rabbit ransomware attacks.

This ransomware doesn’t employ traditional methods, i.e. spreading via phishing emails. Instead, the creator (who is strangely obsessed with Game of Thrones and reflects this with references in the malware’s code) embeds the ransomware in websites, using JavaScript injected into the site’s HTML code.

The owners of these sites containing the ransomware may not know that the Bad Rabbit is hidden on their service.

How Does Bad Rabbit Ransomware Work?

This ransomware uses the EternalBlue exploit, created by the NSA and leaked in 2017. This exploit targets vulnerabilities within Microsoft’s Server Message Block (SMB) protocol, which is used for file and printer sharing.

When a computer is running a vulnerable version of the SMB protocol, an attacker can use this protocol to scan for open shares and propagate the malware to other computers.

Furthermore, Bad Rabbit ransomware can spread by injecting code into the process of explorer.exe, which also causes the malware to move from one machine to another over network connections.

According to PCRisk, victims of Bad Rabbit ransomware typically receive a similar version of this text:

Oops! Your files have been encrypted.

If you see this text, your files are no longer accessible. You might have been looking for a way to recover your files. Don’t waste your time. No one will be able to recover them without our decryption service. We guarantee that you could recover all your files safely. All you need to do is submit the payment and get the decryption password… If you have already got the password, please enter it below.

Password#1: -

The note also includes a website address where the payment can be made.

When you try to access your servers or files on your PC and text like the one above pops up, your computer has been infected. You will likely be asked to pay a specific fee before a deadline. But many victims have reported that their files were still inaccessible even after paying the ransom.

So even if you pay, you might not get your data back.

If you unknowingly download this ransomware, it won’t automatically install; you have to launch the Adobe update for the Bad Rabbit to begin its operations. When spreading across computers in a network, the malware uses a combination of simple usernames and passwords to infect machines.

How to Recover Files After a Bad Rabbit Ransomware Attack

A Bad Rabbit attack is deadly, and file recovery can be tedious and time-consuming.

You can take numerous steps to recover your data. But before carrying these out, ensure your computer is disconnected from the internet to prevent the ransomware from encrypting even more of your files.

Restore from Backups

If you have a recent version of your files in a backup system, then all you need to do is restore them as soon as possible. But before doing so, make sure you eliminate the ransomware from your computer. This can be done by resetting your system to default settings. After resetting, you can upload your backups safely.

Ransomware Decryption Tools

Security experts have developed various ransomware decryption tools. They help break the encryption on your files using complex algorithms that have been tested on different ransomware versions.

However, before using any tool, ensure you trust the source, as ransomware can also be disguised as a decryption tool. If you’re unsure, go to an IT professional.

Windows System Restore

System Restore, a feature in Microsoft Windows, allows you to return your computer to a previous time, called a restore point. You can restore system files, installed applications, Windows Registry, and even system settings.

This feature can come in handy when dealing with malware or a faulty software installation.

Here are the steps to use the System Restore tool on a Windows computer:

How to Prevent a Bad Rabbit Ransomware Attack

As rampant as Bad Rabbit attacks are, they can be prevented by strictly adhering to a few simple practices.

Update Your Operating System

Attackers exploit software vulnerabilities to gain access to a system or network. By updating your operating system and software with the latest security updates and patches, it’s possible to remove these vulnerabilities and reduce the risk of a ransomware attack.

Ransomware is often delivered via malicious links or attachments in emails or other messages. Avoid downloading attachments or clicking on links from unknown sources, as this reduces the risk of falling victim to an attack.

Backups and Firewalls

Bad Rabbit ransomware encrypts your files and holds them hostage until you pay the ransom. By regularly backing up your important data and storing it securely (i.e. disconnected from your machine), you can restore your files if they are encrypted by ransomware.

Also, firewalls and intrusion detection systems can help prevent unauthorized parties from accessing your network. By enabling these security features on all your devices, you can reduce the risk of a ransomware attack.

Passwords and 2FA

Use strong passwords and two-factor authentication when possible. They can help prevent unauthorized access to your system and reduce the risk of a ransomware attack. Note that malware can cause unusual network activity. Keep an eye out for this, and you will be able to respond to an attack swiftly.
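
One way to watch for the unusual network activity mentioned above, and for the SMB-based spreading with simple usernames and passwords described earlier, is to flag any machine that contacts many different hosts on the SMB port (TCP 445) within a short window. This is an added example, not part of the original article; the log format, addresses, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry), sorted by time:
# timestamp, source host, destination host, destination port, result
SAMPLE_LOG = """\
2017-10-24T10:00:01 10.0.0.5 10.0.0.21 445 auth_fail
2017-10-24T10:00:03 10.0.0.5 10.0.0.22 445 auth_fail
2017-10-24T10:00:04 10.0.0.9 10.0.0.2 445 ok
2017-10-24T10:00:06 10.0.0.5 10.0.0.23 445 auth_fail
2017-10-24T10:00:09 10.0.0.5 10.0.0.24 445 ok
2017-10-24T10:00:12 10.0.0.7 10.0.0.2 443 ok
2017-10-24T10:05:30 10.0.0.9 10.0.0.3 445 ok
2017-10-24T10:09:00 10.0.0.9 10.0.0.4 445 ok
"""

SMB_PORT = 445

def parse(line):
    """Split one record into typed fields; raises ValueError if malformed."""
    ts, src, dst, port, result = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), result

def smb_fanout(log_text, window_s=60, min_hosts=4):
    """Return {source: (distinct SMB targets, failed logons)} for each source
    that reached min_hosts distinct hosts on port 445 inside one window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)      # source -> events still inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, result = parse(line)
        if port != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst, result))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        targets = {d for _, d, _ in q}
        if len(targets) >= min_hosts:
            fails = sum(1 for _, _, r in q if r == "auth_fail")
            alerts[src] = max(alerts.get(src, (0, 0)), (len(targets), fails))
    return alerts

if __name__ == "__main__":
    for src, (hosts, fails) in smb_fanout(SAMPLE_LOG).items():
        print(f"{src}: {hosts} SMB targets within 60s, {fails} failed logons")
```

A file server that many clients connect to is not flagged, because the count is taken per source; a workstation that suddenly reaches out to several peers over SMB, with failed logons along the way, is.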

Bad Rabbit Ransomware: Prevention Takes Precedence

Bad Rabbit ransomware can get into your computer and encrypt your files if you visit untrusted sites.

Prevention should be given precedence, but preparing an incident response plan can help you respond quickly and effectively if an attack does occur. The incident response plan should outline the steps to be taken in a ransomware attack, including how to contain the attack and restore data if prevention fails.
