Ransomware Survival Guide - Threat Protection

Bad Rabbit

What Is Bad Rabbit ransomware?

Learn about the Bad Rabbit ransomware.

Definition

Bad Rabbit is a strain of ransomware that first appeared in 2017. It appeared to target media companies in Russia and Ukraine. In most cases, it spread by posing as an Adobe Flash media player update, persuading victims to click and open a malicious file.

Like other strains of ransomware, the Bad Rabbit virus locks up victims’ computers, servers, or files and prevents them from regaining access until a ransom, usually in Bitcoin, is paid.

 

History

Bad Rabbit ransomware first appeared in 2017 and has similarities to ransomware strains called WannaCry and Petya.  

Disguised as an Adobe Flash installer, a Bad Rabbit attack spreads through drive-by downloads on compromised websites, meaning victims could be exposed to the virus simply by visiting a malicious or compromised website. The malware is embedded into websites using JavaScript injected into the site’s HTML code.
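One way to hunt for the fake-installer delivery described above is to look in web proxy logs for Flash-named executables served by hosts outside the vendor's domains. The Python below is an added example, not part of the original page; the log layout, the trusted-domain list, and every host, address and file name in the sample are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domains allowed to serve Flash installers here.
TRUSTED_SUFFIXES = ("adobe.com", "macromedia.com")
EXECUTABLE = re.compile(r"\.(exe|msi|scr)\b", re.I)
LURE = re.compile(r"flash", re.I)

# Constructed proxy log: timestamp client method url status content-type
SAMPLE_LOG = """\
2017-01-01T10:01:12Z 10.0.4.17 GET http://news.example/article/42 200 text/html
2017-01-01T10:01:15Z 10.0.4.17 GET http://cdn.example.net/update/flash_player_update.exe 200 application/octet-stream
2017-01-01T10:03:40Z 10.0.4.22 GET https://download.adobe.com/flash/flashplayer_installer.exe 200 application/octet-stream
2017-01-01T10:05:02Z 10.0.4.31 GET http://media.example.org/get.php?file=Flash_Player.EXE 200 application/x-msdownload
2017-01-01T10:06:10Z 10.0.4.35 GET http://adobe.com.example.net/flash_update.exe 200 application/octet-stream
2017-01-01T10:07:55Z 10.0.4.40 GET http://tools.example.com/7zip-setup.exe 200 application/octet-stream
2017-01-01T10:09:01Z 10.0.4.41 GET http://cdn.example.net/update/flash_player_update.exe 404 text/html
"""


def is_trusted(host):
    """True only for a trusted domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def find_fake_flash_downloads(log_text):
    """Return (client, host) for each delivered Flash-named executable
    that came from a host outside the trusted vendor domains."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # malformed line
        _ts, client, _method, url, status, _ctype = parts
        u = urlsplit(url)
        host = u.hostname or ""
        target = u.path + "?" + u.query  # file name may sit in the query
        if not host or not status.startswith("2"):
            continue  # nothing was delivered to the client
        if EXECUTABLE.search(target) and LURE.search(target) and not is_trusted(host):
            findings.append((client, host))
    return findings


if __name__ == "__main__":
    for client, host in find_fake_flash_downloads(SAMPLE_LOG):
        print(f"review {client}: Flash-named executable from {host}")
```

The suffix check is anchored on a dot so that a lookalike host such as `adobe.com.example.net` is not treated as the vendor.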

If a person clicks on the malicious installer, Bad Rabbit ransomware encrypts files and presents users with an austere black-and-red message. It reads in part: “If you see this text, your files are no longer accessible. You might have been looking for a way to recover your files. Don’t waste your time.”

The text demands around $280 in Bitcoin and gives a 40-hour deadline for payments to be made.[1] Victims reported that making the payment did unlock their files, though this isn’t always the case in other ransomware attacks.

 

Remediation

Ransomware such as Bad Rabbit attacks a network in one of two ways: as an encryptor (as is the case with Bad Rabbit malware) or as a screen locker. Encryptors lock data on a targeted system, making the content inaccessible without a decryption key. Screen locker malware simply blocks access to the system with a lock screen that claims the system is encrypted.[2]

In either case, preventing ransomware is a far better option than remediating it.

Once you realize that you are the victim of a Bad Rabbit ransomware attack, follow these steps to respond:[3]

  1. Contact law enforcement.
  2. Disconnect from any computers, servers or other equipment on your network.
  3. Determine the scope of the problem based on your knowledge of threat intelligence.
  4. Orchestrate a response. Some types of ransomware, such as screen lockers, are easier to remediate. Others may require completely reimaging (wiping) systems and recovering files from backup.
  5. Look for free ransomware decryption tools—but don’t rely on them. They don’t work for every type of ransomware and may not help you get your files back.
  6. Restore captive files from your backup systems.
 

[1] Lena Fuks (Security Boulevard). “10 Ransomware Attacks You Should Know About in 2019.” April 2019.

[2] Proofpoint. “Ransomware is Big Business.” April 2019.

[3] Proofpoint. “The Ransomware Survival Guide.” April 2019.