Bad Rabbit Definition
Bad Rabbit is a strain of ransomware that first appeared in 2017. It appeared to target media companies in Russia and Ukraine. In most cases, it spread by posing as an Adobe Flash media player update, persuading victims to click and open a malicious file.
Like other strains of ransomware, Bad Rabbit locks up victims’ computers, servers, or files and prevents them from regaining access until a ransom, usually in Bitcoin, is paid.
History of Bad Rabbit Ransomware
If a person clicks on the malicious installer, Bad Rabbit ransomware encrypts files and presents users with an austere black-and-red message. It reads in part: “If you see this text, your files are no longer accessible. You might have been looking for a way to recover your files. Don’t waste your time.”
The text demands around $280 in Bitcoin and gives a 40-hour deadline for payments to be made. Victims reported that making the payment did unlock their files, though this isn’t always the case in other ransomware attacks.
Bad Rabbit Removal and Remediation
Ransomware such as Bad Rabbit attacks a network in one of two ways: as an encryptor (as is the case with Bad Rabbit) or as a screen locker. Encryptors lock data on a targeted system, making the content inaccessible without a decryption key. A screen locker blocks access to the system via a lock screen that merely claims that the system is encrypted.
In either case, preventing Bad Rabbit ransomware is a far better option than remediating it.
Once you realize that you are the victim of a Bad Rabbit ransomware attack, follow these steps to respond:
- Contact law enforcement.
- Disconnect any computers, servers or other equipment from your network.
- Determine the scope of the problem based on your knowledge of threat intelligence.
- Orchestrate a response. Some types of ransomware, such as screen lockers, are easier to remediate. Others may require completely reimaging (wiping) systems and recovering files from backup.
- Look for free ransomware decryption tools—but don’t rely on them. They don’t work for every type of ransomware and may not help you get your files back.
- Restore captive files from your backup systems.