5 things to know about the latest Bad Rabbit ransomware attack

by Jake Doe

Bad Rabbit ransomware is the most aggressive and dangerous computer virus at the moment

Top facts about Bad Rabbit ransomware virus

WannaCry and Petya are not the only viruses that earned fame during global cyber attacks. Bad Rabbit ransomware, which is suspected to be a new variant of Petya/NotPetya/ExPetr, severely hit Russia, Ukraine, Germany, Turkey and other countries worldwide on October 24th.

The ransomware encrypts all data on the computer and rewrites the Master Boot Record. Consequently, the malware restarts the system and then displays a ransom note on the screen. The new malware variant has already affected a number of countries worldwide, and considering how rapidly it spreads, it is important to know the main facts about it.

The information flow is accelerating, and computer users can quickly get lost as every news site provides more and more details about the virus. Experts from the VirusActivity team have prepared a fact sheet about the Bad Rabbit cyber attack: what it is and what computer users need to know.

Top 5 things to know about BadRabbit cyber attack

1. The ransomware spreads via fake Adobe Flash Player updates.

According to experts, developers of the ransomware employed an old and efficient ransomware distribution method that relies on fake Flash Player updates.[1] It appears that hackers injected malicious JavaScript code into the HTML of various websites (most of them Russian, Bulgarian or Turkish) and this way forced them to serve fake pop-ups suggesting an update for an outdated Flash Player.

If the victim clicks the “Install” button, the malicious script redirects the victim to malware-laden domains and downloads the install_flash_player.exe file. At this point, the victim can still step back and delete the downloaded file to avoid complete data corruption. Unfortunately, executing the said file starts the data encryption process straight away.

The ransomware does not spread using the EternalBlue vulnerability as the NotPetya virus did. Instead, Bad Rabbit is capable of spreading further via SMB shares.[2]
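
The delivery pattern described above can be hunted for in web proxy logs. The following is an added example, not part of the original article: it flags requests for install_flash_player.exe served from hosts outside Adobe's domains and reports the referring site, which is the likely location of the injected script. The log format, the sample hosts and the Adobe domain allowlist are assumptions.

```python
import posixpath
from urllib.parse import urlsplit

# Assumption: domains treated as genuine Adobe download sources; tune per environment.
ADOBE_SUFFIXES = ("adobe.com", "macromedia.com")
LURE_NAME = "install_flash_player.exe"  # file name given in the article

def is_adobe_host(host):
    """Exact or dot-delimited suffix match, so 'adobe.com.evil.example' does not pass."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in ADOBE_SUFFIXES)

def flag_fake_flash_downloads(log_lines):
    """Return one finding per request for the lure file from a non-Adobe host."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 6:
            continue  # skip malformed lines
        ts, client, method, url, status, referer = parts[:6]
        target = urlsplit(url)
        # Compare the file name case-insensitively and ignore any query string.
        name = posixpath.basename(target.path).lower()
        if name != LURE_NAME or is_adobe_host(target.hostname):
            continue
        findings.append({
            "time": ts,
            "client": client,
            "delivery_host": target.hostname,
            # The referer is the page that triggered the download (candidate injected site).
            "referring_site": urlsplit(referer).hostname,
            # True only if the proxy actually delivered the file to the client.
            "completed": method == "GET" and status == "200",
        })
    return findings

# Constructed sample log (fields: time client method url status referer); hosts are placeholders.
SAMPLE_LOG = [
    "2017-10-24T10:01:02Z 10.0.0.5 GET http://news.example/index.html 200 -",
    "2017-10-24T10:01:09Z 10.0.0.5 GET http://cdn.delivery.example/flash/install_flash_player.exe 200 http://news.example/index.html",
    "2017-10-24T10:03:00Z 10.0.0.7 GET https://get.adobe.com/flashplayer/install_flash_player.exe 200 -",
    "2017-10-24T10:04:30Z 10.0.0.9 GET http://adobe.com.update.example/Install_Flash_Player.EXE?v=2 403 http://blog.example/post",
]

if __name__ == "__main__":
    for finding in flag_fake_flash_downloads(SAMPLE_LOG):
        print(finding)
```

Clients with a completed download are the ones to isolate and check first, since the article notes that running the file starts encryption immediately.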

2. Bad Rabbit is suspected to be an improved variant of Petya/NotPetya ransomware

Speaking of Bad Rabbit’s origins, we must mention the infamous ransomware known as Petya/NotPetya/ExPetr.[3] The two viruses have similarities and differences, but the most noticeable detail is that both of them modify the Master Boot Record (MBR) and display a frightening message on the computer screen.

3. The new virus isn’t a wiper and works as a true crypto-ransomware that renders files useless to demand a ransom.

BadRabbit, however, isn’t a wiper. While NotPetya was initially identified as ransomware, further analysis revealed that it corrupted data on the target system permanently. The damage carried by the malicious payload could not be reversed in any way.

The new variant, however, encrypts files using the DiskCryptor utility. Files encoded by Bad Rabbit will have the .encrypted file extension appended to their names.

4. The ransomware asks to pay 0.05 Bitcoin

After encrypting the files on the target system, the malware modifies the MBR and restarts the computer. As a result, the victims run into a scary-looking message written in red on a black background. The ransomware suggests visiting a suspicious-looking URL that cannot be accessed via regular web browsers.

The victim has to download and install the Tor browser to access the payment website. The website then asks the victim to enter the personal identification key. Providing the given key allows the victim to see the criminals’ Bitcoin address to which the payment must be transferred. The ransomware gives 40 hours to complete the transaction. The price of the ransom increases as soon as the 40 hours pass.

5. No way to decrypt files encrypted by Bad Rabbit

Unfortunately, no matter how hard you try, there is no way to recover files corrupted by Bad Rabbit malware. There is still some hope that malware analysts might find a flaw in the ransomware code that could allow them to create a working decryption tool. However, at the moment such expectations seem unrealistic.

Currently, the only possible way to recover files corrupted by this new ransomware variant is to use a data backup.[4] However, you will first need to remove the Bad Rabbit malware. If you are unfamiliar with the best malware removal tools nowadays, we strongly advise reading reviews on security-related sites such as 2-Spyware.com.


About the author
Jake Doe - Computer technology geek

Jake Doe is a News Editor at Ugetfix. Since he met Ugnius Kiguolis in 2003, they both launched several projects that spread awareness about cybercrimes, malware, and other computer-related problems.
