2017 has been a year full of malware attacks. We recently discussed Petya in our previous article. Now a new piece of malware has been developed and, according to security experts, it is a much improved version of the Petya ransomware, called Bad Rabbit Ransomware.
Since Tuesday, 24 Oct 2017, Bad Rabbit ransomware has hit networks in almost every country and keeps spreading to others. According to the latest reports, Bad Rabbit primarily infected networks in Russia and Ukraine, after which reports also came in from other countries such as Turkey, UA, Germany, Japan and many more.
According to Kaspersky Lab, Bad Rabbit infected the Russian news group Fontanka and aims to spread to more organizations. Bad Rabbit infected millions of websites and servers. ESET and Kaspersky have issued an update regarding this new malware.
Is Bad Rabbit the Same as Petya?
Unlike the Petya ransomware, Bad Rabbit spreads through a fake Flash Player file downloaded from a fake website or from a website that has already been infected with this malware. If a user downloads the fake Flash Player file, the whole PC is infected the moment the user executes it.
After taking control of the PC, it redirects the user to its own page demanding 0.5 bitcoins (BTC), the same amount as in the case of Petya, along with the BTC address to which the user has to send the bitcoins, after which he or she may get the decryption key required to unlock their files.
How to Protect Your PC from Bad Rabbit Infection
According to the tweet below from a security expert, a user has to create files in the main Windows partition in order to prevent the Bad Rabbit ransomware attack:
I can confirm – Vaccination for #badrabbit:
Create the following files c:\windows\infpub.dat && c:\windows\cscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated. 🙂 pic.twitter.com/5sXIyX3QJl
— Amit Serper (@0xAmit) October 24, 2017
All you have to do is create the two files named in the tweet, c:\windows\infpub.dat and c:\windows\cscc.dat, in the main Windows directory.
After creating the files, make sure you have removed all the permissions that grant users the “read and write” privilege.
Please note: we cannot guarantee that it will work, so try it at your own risk. However, some sources have confirmed that it works.
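The vaccination steps above as a PowerShell script, to be run from an elevated prompt. This is an added example, not code from the tweet or from this article's author; the function name `Protect-MarkerFile` and the decision to skip a file that already exists with content are assumptions of the example.

```powershell
#Requires -RunAsAdministrator
# Added example: create the two marker files from the tweet and strip their permissions.
$ErrorActionPreference = 'Stop'
$markers = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'   # paths quoted in the tweet

function Protect-MarkerFile {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (Test-Path -LiteralPath $Path) {
        # Assumption of this example: a non-empty file was not put there by this
        # script, so it is left untouched and the machine should be examined.
        if ((Get-Item -LiteralPath $Path -Force).Length -gt 0) {
            Write-Warning "$Path already exists and is not empty; leaving it untouched."
            return $false
        }
    } else {
        New-Item -ItemType File -Path $Path | Out-Null      # empty placeholder file
    }

    # Step 1: reset the file to inherited ACEs only (clears any explicit entries).
    & icacls.exe $Path /reset | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /reset failed on $Path" }

    # Step 2: remove inheritance and all inherited ACEs. The DACL is now empty,
    # so no account is granted read, write or execute on the file.
    & icacls.exe $Path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /inheritance:r failed on $Path" }

    # Verify the result instead of trusting the exit codes alone.
    $acl = Get-Acl -LiteralPath $Path
    return ($acl.AreAccessRulesProtected -and @($acl.Access).Count -eq 0)
}

foreach ($m in $markers) {
    $ok = Protect-MarkerFile -Path $m
    '{0,-26} vaccinated={1}' -f $m, $ok
}
```

The file owner keeps the implicit right to change permissions, so an administrator can undo the change later with `icacls <file> /reset`.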
Disable WMI Service:
If your computer is connected to a network, you should disable or stop the WMI service in Windows. This will prevent the virus infection.
You can find more details about starting/stopping the WMI service here.
Buy an Anti-Ransomware Enabled Antivirus
It is also recommended that your antivirus include a ransomware shield, which is not present in most antivirus products. Many antivirus products are available in online and offline stores, so pick the one that is right for you.
Always Download Files from Trusted Sources
Before upgrading any of your apps or downloading any file from the Internet, make sure you do it from a trusted and verified source. Downloading a file from untrusted sources can result in suspicious activity and a security compromise.
Protect Your Server with a Firewall
If you have a website or a server, make sure you perform security updates regularly. It is also recommended that you enable a firewall on your server in order to eliminate suspicious activity.
However, researchers are investigating the attack behind Bad Rabbit ransomware and may release a decryption key. Meanwhile, follow the steps above and stay away from fake websites, which can cost you a ransomware or malware infection.