The Bad Rabbit Ransomware is a strain of ransomware that has been very active in the eastern European nations of Ukraine and Russia. It is the third strain of malware to hit eastern European nations hard following the successful ransom campaigns by the WannaCry and the NotPetya malware.
Bad Rabbit is described by cybersecurity researchers as ransomware that spreads through ‘drive-by attacks’: users visit legitimate but compromised sites that trigger the download of a malware dropper, leading to infection. The dropper is usually disguised as an Adobe Flash installer. Once the innocent-looking file is run on a computer, it starts encrypting files on the infected device.
Most targets of the ransomware have been in Russia and Ukraine. Some computers in Germany and Turkey have also been targeted. Once the infection is complete, the malware demands a ransom of $280 in bitcoins, or 0.5 bitcoins, depending on the exchange rate. It also sets a 40-hour deadline for payment. Failure to pay on time leads to permanent loss of the encrypted files. While Bad Rabbit mostly targets single devices, it can also propagate through networks like a bot.
Here is a copy of the Readme.txt that informs victims that their computers have been infected:
“Oops! Your files have been encrypted.
If you see this text, your files are no longer accessible.
You might have been looking for a way to recover your files.
Don’t waste your time. No one will be able to recover them without our
We guarantee that you can recover all your files safely. All you
need to do is submit the payment and get the decryption password.
Visit our web service at –
Your personal installation key#: –
If you have already got the password, please enter it below.”
Who is Responsible for the Bad Rabbit Ransomware?
Currently, no hacker group has come forward to claim responsibility for the Bad Rabbit malware. Cybersecurity experts have, however, found similarities between Bad Rabbit and the NotPetya malware, leading them to believe that the two could be from the same creator. The ransomware spreads by exploiting the Server Message Block (SMB) protocol, a technique also used by other malware families. The malware is also known to use an exploit attributed to the NSA called EternalRomance.
What to Do About the Bad Rabbit Ransomware
Is there a way to get rid of the Bad Rabbit ransomware from your computer without having to pay a ransom? Unfortunately, there are only a few effective ways of dealing with the Bad Rabbit ransomware. This is because the malware uses AES-256 and RSA-2048 encryption, which are very difficult to break. The ransomware will also reboot your computer so that you cannot access many of the Windows settings and apps that could help you recover from an attack. This effectively removes the ability to start the computer normally.
Does that mean that you should pay the ransom? No, you should never encourage criminals by giving them what they want, as such behavior will only incentivize them to develop even more aggressive malware in the future. At the same time, criminals are not to be trusted. You might pay the ransom only for them to go back on their promise of decrypting your files.
File Recovery Possibility After an Attack by the Bad Rabbit Ransomware
Despite what you have read above, there is still a slim chance that you might recover your files after an attack from the Bad Rabbit ransomware. Security researchers have discovered a flaw in the design of the malware that can be used to recover some, if not all, of your files. Bad Rabbit does not delete shadow copies after encrypting victims’ files. Thus, you can still recover and restore the original versions of the encrypted files by using Windows tools or third-party utilities.
To use these utilities, you must run Windows in Safe Mode with networking so that you can isolate the virus and still be able to remove it. Here is how to enable Safe Mode with networking on your Windows device:
- Hold the power button for 10 seconds to turn off your computer.
- Press the power button to turn on your computer. Do this repeatedly (at least three times) until you enter the Windows Recovery Environment.
- On the Choose an option menu that appears as part of the Windows Recovery Environment, select Troubleshoot > Advanced Options > Startup Settings > Restart.
- After your computer restarts, you will see a list of options. Select option 5 from the list or press the F5 key to boot your computer into Safe Mode with Networking.
Safe Mode with Networking will allow you to access the internet, where you can download a powerful anti-malware solution, such as Outbyte Antivirus, which you can then use to permanently remove the Bad Rabbit malware.
Using an antivirus might not recover all your files, but if some have not been encrypted, you stand a very good chance of saving many of them. And if you consult a computer technician, they might even show you how to recover files from shadow copies.
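The shadow-copy recovery mentioned above, as an added example that is not part of the original article: it enumerates the Volume Shadow Copies of a drive and restores one file from the newest snapshot. It assumes an elevated Windows PowerShell session, and the drive letter, file path and restore folder are placeholders you replace with your own.

```powershell
# Added example (not from the original article): restore a file from the newest
# Volume Shadow Copy of a drive. Run as Administrator. The three parameters
# below are placeholder values; replace them with your own.
param(
    [string]$Drive        = 'C:',
    [string]$RelativePath = 'Users\Public\Documents\report.docx',  # path below the drive root
    [string]$RestoreTo    = 'D:\recovered'                          # ideally a different disk
)

# Map the drive letter to its volume GUID path (\\?\Volume{...}\); that is the
# form Win32_ShadowCopy.VolumeName uses.
$volume = Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DriveLetter -eq $Drive } | Select-Object -First 1
if (-not $volume) { throw "No volume found for drive $Drive" }

# List every snapshot of that volume, newest first. An empty list means the
# shadow-copy route is closed and you are back to your backups.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object InstallDate -Descending
if (-not $shadows) { throw "No shadow copies exist for $Drive" }
$shadows | Format-Table ID, InstallDate, DeviceObject -AutoSize

# The snapshot device (\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN) is not
# browsable directly, so expose the newest one through a directory symlink.
# The trailing backslash after the device path is required by mklink.
$newest = $shadows[0]
$link   = Join-Path $env:SystemDrive 'shadow_restore'
if (Test-Path $link) { cmd /c rmdir "$link" | Out-Null }
cmd /c mklink /d "$link" "$($newest.DeviceObject)\" | Out-Null

try {
    $source = Join-Path $link $RelativePath
    if (-not (Test-Path $source)) {
        throw "File not present in the snapshot taken $($newest.InstallDate)"
    }
    New-Item -ItemType Directory -Path $RestoreTo -Force | Out-Null
    Copy-Item -Path $source -Destination $RestoreTo -Force
    Write-Host "Restored $RelativePath from snapshot $($newest.InstallDate) to $RestoreTo"
}
finally {
    # rmdir on a directory symlink removes only the link, never the snapshot.
    cmd /c rmdir "$link" | Out-Null
}
```

Compare the restored file's timestamp with the snapshot date before trusting it; a snapshot taken after the infection began will contain already-encrypted copies.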
Another way to get around the Bad Rabbit malware is through System Restore. System Restore is a built-in Windows feature that lets you ‘return’ your computer to an earlier working state. If you cannot access your computer’s apps and settings because of the malware, you can, instead of running Windows in Safe Mode with Networking, choose System Restore from the Advanced options menu. You can use the same steps above to get to the Advanced options menu.
System Restore will only work if there is already a restore point on your computer; otherwise you will have to rely on Safe Mode with Networking or the more radical option of resetting your computer to get rid of the Bad Rabbit malware.
How Do You Protect Your Computer from Bad Rabbit Malware?
You can take several steps to make certain that your computer never falls victim to the Bad Rabbit ransomware, or any other ransomware for that matter.
First, download a powerful anti-malware solution. While you are at it, you can also download a PC repair tool that will routinely monitor the performance of your computer. If something is amiss, the program will report it to you.
Secondly, make sure that you are running the latest version of the Windows OS. If not, update your current Windows OS by downloading security patches. As you probably know, many software vulnerabilities that were previously unknown were made public courtesy of the Snowden disclosures. These vulnerabilities are what hackers and criminals continually exploit when unleashing their malware.
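Since Bad Rabbit spreads over SMB, the patching advice above can be checked rather than assumed. The following audit script is an added example, not part of the original article: it reports whether SMBv1 is still enabled on the host and how long ago the last update was installed, and turns SMBv1 off only when run with -Remediate. It assumes an elevated PowerShell session on Windows 10 or Server 2016 or later; the 30-day staleness threshold is an assumed value.

```powershell
# Added example (not from the original article): audit SMBv1 exposure and patch
# age on a Windows 10 / Server 2016+ host. Run as Administrator. Read-only
# unless -Remediate is given.
param([switch]$Remediate)

$findings = @()

# 1. Server side: will the SMB server still negotiate SMBv1?
$server = Get-SmbServerConfiguration
$findings += [pscustomobject]@{
    Check = 'SMB server: SMB1 enabled'; Value = $server.EnableSMB1Protocol
    Bad   = [bool]$server.EnableSMB1Protocol
}

# 2. Component level: is the SMB1 optional feature installed at all?
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
$findings += [pscustomobject]@{
    Check = 'SMB1Protocol feature state'; Value = $feature.State
    Bad   = ($feature.State -eq 'Enabled')
}

# 3. Patch level: days since the most recent hotfix was installed.
#    30 days is an assumed threshold; adjust to your own patch policy.
$lastFix = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$age = if ($lastFix) { (New-TimeSpan -Start $lastFix.InstalledOn -End (Get-Date)).Days } else { $null }
$findings += [pscustomobject]@{
    Check = 'Days since last hotfix'; Value = $age
    Bad   = (($null -eq $age) -or ($age -gt 30))
}

$findings | Format-Table -AutoSize

if ($Remediate) {
    if ($server.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Write-Host 'SMBv1 disabled; reboot to complete removal of the feature.'
}
```

Disabling SMBv1 breaks access from very old clients and some network appliances, so check who still depends on it before running with -Remediate.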
Most importantly, refrain from downloading attachments and files from untrustworthy sources. If you are suspicious of a link, a site or a download, take time to confirm your suspicions. It goes without saying, but always keep a backup of your most important files on a physical hard drive somewhere. It is a magic trick that will neutralize the powers of any hacker group out there.
That will be all about the notorious Bad Rabbit malware. If you have any questions, suggestions or something to add regarding the ransomware, feel free to use the comment section below.