Oct, 2017

What is Bad Rabbit Ransomware?

Bad Rabbit ransomware made headlines on 24 October after it attacked computer networks across Russia, Ukraine, Turkey and Germany. The Bad Rabbit attack is similar to the Petya and WannaCry ransomware attacks, which locked computer users' data and demanded a ransom to unlock it.

The ransomware was named Bad Rabbit after the header on the ransom website the user lands on. However, the technical name of this malware is Diskcoder.d, which may be familiar to you if you are aware of the Petya attack, which was caused by Diskcoder.d.

The new ransomware is capable of targeting not only individual PCs but also enterprise networks. The working mechanism of Bad Rabbit ransomware is unique: it tricks computer users into installing an Adobe Flash installer from compromised websites. Once installed, the malware is executed from a ZLIB-packed overlay.
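A triage check for the ZLIB-packed overlay mentioned above, as an added example that is not code from the original article or from any Bad Rabbit analysis: it locates a PE file's overlay (the bytes after the last section) and tests whether it is a zlib stream. The function names, the output cap and the constructed sample file are assumptions made for illustration, as is the expectation that the stream starts at the first overlay byte.

```python
import struct
import zlib

MAX_OUT = 64 * 1024 * 1024  # assumed cap on decompressed bytes (decompression-bomb guard)

def pe_overlay_offset(data: bytes) -> int:
    """File offset of the overlay: first byte past the last section's raw data."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # first section header
    end = 0
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def zlib_overlay(data: bytes):
    """Return the decompressed overlay if it is a zlib stream, else None."""
    overlay = data[pe_overlay_offset(data):]
    # zlib header: deflate method (8) in the low nibble, 16-bit header divisible by 31
    if len(overlay) < 2 or overlay[0] & 0x0F != 8 or (overlay[0] * 256 + overlay[1]) % 31:
        return None
    try:
        return zlib.decompressobj().decompress(overlay, MAX_OUT)
    except zlib.error:
        return None

def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed, non-executable PE-shaped file: headers, one section, then overlay."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)               # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)   # one section, no optional header
    section = struct.pack("<8sIIIIIIHHI", b".text", 16, 0x1000, 16, 128,
                          0, 0, 0, 0, 0x60000020)                  # 16 raw bytes at offset 128
    return dos + b"PE\0\0" + coff + section + b"\x90" * 16 + overlay

if __name__ == "__main__":
    sample = build_sample_pe(zlib.compress(b"constructed payload"))
    print(hex(pe_overlay_offset(sample)), zlib_overlay(sample))
```

An overlay alone is not a verdict: signed executables keep their Authenticode signature after the last section, and many legitimate installers append compressed data there, so treat a hit as a reason to inspect the decompressed content.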

Bad Rabbit can spread very quickly from one system to another because it incorporates Mimikatz. To spread quickly, the ransomware depends on negligent insiders and unpatched computers.

After it attacks a computer, the user is directed to a .onion Tor domain where they are asked to pay 0.05 Bitcoin, or roughly $276 USD, to get their data back. There is no guarantee that the data can be retrieved even after paying the ransom, so many cyber experts recommend not paying it. Some also argue that paying the ransom will encourage attackers to carry out more such attacks in the future.

How to Remain Safe from Ransomware Attacks like Bad Rabbit?

Ransomware attacks have been increasing constantly, which makes it necessary for individual users as well as enterprises to be prepared to deal with any kind of attack. Prevention is always better than cure, because once a system is infected with ransomware there is no guarantee that the files can be retrieved. For organizations, a ransomware attack can prove fatal, severely damaging the company's finances and market image. Some guidelines that help in preventing these kinds of ransomware attacks include:

  • Never download files from compromised or untrusted websites, which may carry ransomware files.
  • Use a quality antivirus product from a reputed security provider. However, merely having antivirus software is not sufficient: it must be kept updated, and periodic scans must be conducted.

The Bad Rabbit ransomware can be detected by REVE Antivirus, and the good news for users is that the antivirus software is capable of removing this malware instantly after detection.


The Author

Abhijeet Guha

Abhijeet is an active blogger with decent experience in the IT Security industry. He researches various topics related to cyber security and pens down his research in the form of articles & blogs. You can reach him at abhijeet@reveantivirus.com.