
Bad Rabbit is a strain of ransomware that first appeared in 2017 and is a suspected variant of Petya. Like other strains of ransomware, Bad Rabbit virus infections lock up victims’ computers, servers, or files, preventing them from regaining access until a ransom—usually in Bitcoin—is paid.


Bad Rabbit first appeared in 2017 and has similarities to ransomware strains called WannaCry and Petya.

Disguised as an Adobe Flash installer, a Bad Rabbit attack spreads through drive-by downloads on compromised websites, meaning victims could be exposed to the virus simply by visiting a malicious or compromised website. The Bad Rabbit malware is embedded into websites using JavaScript injected into the site’s HTML code.
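As an added example (not part of the original page), the delivery pattern described above can be hunted for in web proxy logs: a successful download of an executable whose name mentions Flash, served from a host that is not an Adobe domain. The log layout, the trusted-domain list, the name heuristic and the sample lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: domains accepted as genuine Adobe download sources.
TRUSTED_DOMAINS = ("adobe.com", "macromedia.com")
# Assumption: heuristic for "poses as a Flash installer"; tune for your estate.
FLASH_NAME = re.compile(r"flash", re.IGNORECASE)
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec",
              "application/octet-stream"}
EXEC_EXTS = (".exe", ".msi", ".scr")

# Constructed sample proxy log (not real traffic), one request per line:
# time client method url status content-type referer
SAMPLE_LOG = """\
2017-11-02T09:14:03Z 10.0.0.21 GET http://news.example/files/install_flash_player.exe 200 application/x-msdownload http://news.example/article
2017-11-02T09:15:40Z 10.0.0.22 GET https://get.adobe.com/dl/flashplayer_installer.exe 200 application/x-msdownload -
2017-11-02T09:17:11Z 10.0.0.23 GET http://adobe.com.cdn-updates.example/FlashUpdate.exe 200 application/octet-stream http://blog.example/
2017-11-02T09:18:55Z 10.0.0.24 GET http://news.example/img/flash-sale-banner.png 200 image/png http://news.example/
2017-11-02T09:20:02Z 10.0.0.25 GET http://shop.example/install_flash_player.exe 404 text/html -
"""


def is_trusted(host):
    """True only for a trusted domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def find_fake_flash_downloads(log_text):
    """Return successful executable downloads named like Flash from untrusted hosts."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        ts, client, _method, url, status, ctype, referer = fields
        parts = urlsplit(url)
        name = unquote(parts.path.rsplit("/", 1)[-1])
        executable = ctype.lower() in EXEC_TYPES or name.lower().endswith(EXEC_EXTS)
        if (status == "200" and executable and FLASH_NAME.search(name)
                and not is_trusted(parts.hostname)):
            # The referer is the page that offered the file: a lead for scoping.
            findings.append({"time": ts, "client": client, "host": parts.hostname,
                             "file": name, "referer": referer})
    return findings


if __name__ == "__main__":
    for hit in find_fake_flash_downloads(SAMPLE_LOG):
        print(hit)
```

The suffix check matches on a dot boundary, so a lookalike host such as `adobe.com.cdn-updates.example` is still flagged.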

If a person clicks on the malicious installer, Bad Rabbit ransomware encrypts files and presents users with an austere black-and-red message. It reads in part: “If you see this text, your files are no longer accessible. You might have been looking for a way to recover your files. Don’t waste your time.”

The text demands around $280 in Bitcoin and gives a 40-hour deadline for payments to be made.[1] Victims reported that making the payment did unlock their files, though this isn’t always the case in other ransomware attacks.


Ransomware such as Bad Rabbit attacks a network in one of two ways: as an encryptor (as is the case with Bad Rabbit malware) or as a screen locker. Encryptors lock data on a targeted system, making the content inaccessible without a decryption key. A screen locker blocks access to the system with a lock screen that merely claims the system is encrypted.[2]

In either case, preventing Bad Rabbit ransomware is a far better option than remediating it.

Once you realize that you are the victim of a Bad Rabbit ransomware attack, follow these steps to respond:[3]

  1. Contact law enforcement.
  2. Disconnect from any computers, servers or other equipment on your network.
  3. Determine the scope of the problem based on your knowledge of threat intelligence.
  4. Orchestrate a response. Some types of ransomware, such as screen lockers, are easier to remediate. Others may require completely re-imaging (wiping) systems and recovering files from backup.
  5. Look for free ransomware decryption tools—but don’t rely on them. They don’t work for every type of ransomware and may not help you get your files back.
  6. Restore captive files from your backup systems.



[1] Lena Fuks (Security Boulevard). “10 Ransomware Attacks You Should Know About in 2019”
[2] Proofpoint. “Ransomware is Big Business”
[3] Proofpoint. “The Ransomware Survival Guide”
