The Internet changed our lives for the better. Where we once could spend hours or even days getting acquainted with news or critical events around the world, we now have the information available in a matter of minutes or even seconds. Communications improved considerably, and with a smartphone, iPhone or any device with Internet connectivity, we can achieve beautiful things and use them for leisure, work, or just watching the news.
However, not everything is perfect. Imagine you recently woke up, and you are about to sit down in front of your laptop to read the daily news of your location. You see an Adobe Flash installer, and since you want to update to the newest version, you innocently click on it.
Be wary of ransomware attacks
If you do, you could be the newest victim of the most recent ransomware attack that is terrorizing Europe and is quickly reaching other geographical locations: Bad Rabbit is its name, and it can severely compromise your online security.
This form of malware is famous for making people infect themselves because it disguises itself as an Adobe Flash installer and is usually present on the most unexpected sites, like global news hubs and similar pages.
To fully understand what Bad Rabbit is and how it functions, we first need to clarify what exactly a ransomware attack is: it is one of the newest inventions of hackers and cybercriminals, and you could identify it in the malware catalog as a Trojan.
Online kidnapping of your assets
Ransomware is a cyber-attack that hijacks your system or device, accessing your system via unknown email attachments that you download or pop-ups that you innocently click, like the “Adobe Flash installer” that can lead you to the Bad Rabbit ransomware.
When ransomware gets in your system, it encrypts your data and blocks you from accessing critical stuff on your device. Cyber-criminals, then, ask for ransom, which you would have to pay for them to “liberate” your information and files for you. It is kidnapping in the most basic of senses.
Some of the most notable examples of Ransomware, like the WannaCry worm, CryptoLocker, and Cryptowall, have terrorized our web ventures since 2012, and together they have made these criminals millions of dollars at the expense of innocent people.
Bad Rabbit: the most recent online threat is frightening Europe
Now, moving on to the Bad Rabbit: creators and developers are currently asking for a ransom of 0.05 Bitcoin (BTC), which is, by far, the most famous and valuable cryptocurrency in the market. The mentioned 0.05 BTC account for nearly $300 in the current market exchange rate.
Imagine having to pay some nasty criminals nearly $300 just for them to give back your information and digital assets. However, people sometimes cannot afford to lose some valuable data, files, contacts, documents, pictures, videos, and other crucial resources.
Most of the documented Bad Rabbit ransomware events happened in Russia, although there are other affected nations, such as Ukraine, Germany, and Turkey, just to name a few. When the malware is in your system, the screen will turn black and, in red letters, creators and developers will explain to you that your files are now encrypted, and you need to pay the ransom for them to decrypt them.
Another critical feature of the Bad Rabbit attack is that it shows you a big countdown, in white letters. It says that you have that time to pay up, or the ransom, which is 0.05 BTC, will go up. Kaspersky Lab has already found 200 targets of this ransomware.
Preventive measures you can take to avoid Bad Rabbit
- Update your antivirus software to the latest version, which is most likely to have more tools to defend your system from Bad Rabbit and other ransomware attacks.
- Install antivirus software if you haven’t already. In past times, experts recommended it; now, it is almost obligatory.
- Stay away from downloading or running Adobe Flash updates.
- Avoid executing the files at the paths “c:\windows\infpub.dat” and “c:\Windows\cscc.dat.”
- Have several data backups available just in case. We recommend monthly or weekly backups.
- If you can, deactivate WMI (Windows Management Instrumentation) services.
How to “vaccinate” your system against Bad Rabbit ransomware attacks
The well-known malware specialist and researcher Amit Serper said that there is a way to “vaccinate” yourself to prevent Bad Rabbit Ransomware attacks, and it involves removing all permissions for executing the ‘cscc.dat’ file.
Learn to remove permissions from ‘infpub.dat’ & ‘cscc.dat’ files
- The first step involves running cmd.exe as admin.
- Then, type this command: echo "" > c:\windows\cscc.dat && echo "" > c:\windows\infpub.dat
- Right-click the cscc.dat file.
- Go ahead and select the “Properties” section.
- Access the Security tab.
- Click on “Advanced.”
- Click on “Change Permissions.”
- Choose “System.”
- Click on “Edit.”
- Look for the part that says “Include inheritable permissions from this object’s parents” and make sure it is unchecked.
- When the pop-up box shows up on your display, click “Remove.”
- Done! You are now vaccinated against the Bad Rabbit Ransomware attack. You have to do the process again for other files.
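The same steps can be scripted. The PowerShell sketch below is an added example, not code from Amit Serper or from this article's author: it creates the two placeholder files and strips their inherited permissions. It assumes that `icacls /inheritance:r` is an acceptable stand-in for the Properties dialog steps, and the function names and the 16-byte size threshold are made up for illustration.

```powershell
# Added example: scripted form of the manual "vaccination" steps above.
# Run from an elevated PowerShell prompt on the machine being protected.
$ErrorActionPreference = 'Stop'

# File paths named in the article.
$markers = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'
# Assumption: a placeholder written by `echo ""` is only a few bytes long.
$maxPlaceholderBytes = 16

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Protect-MarkerFile {
    param([Parameter(Mandatory)][string]$Path)

    if (Test-Path -LiteralPath $Path) {
        # A larger file at this path was not created by this procedure.
        # Leave it alone so it can be examined instead of overwritten.
        $size = (Get-Item -LiteralPath $Path -Force).Length
        if ($size -gt $maxPlaceholderBytes) { return 'skipped' }
    } else {
        New-Item -ItemType File -Path $Path | Out-Null
    }

    # /inheritance:r removes every inherited access entry. A freshly created
    # file has only inherited entries, so no account keeps any access to it.
    & icacls.exe $Path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) { return 'failed' }

    # Verify: inheritance is switched off and no access rules remain.
    $acl = Get-Acl -LiteralPath $Path
    if ($acl.AreAccessRulesProtected -and @($acl.Access).Count -eq 0) {
        return 'vaccinated'
    }
    return 'failed'
}

if (-not (Test-IsAdmin)) { throw 'Run this from an elevated PowerShell prompt.' }

foreach ($path in $markers) {
    $status = Protect-MarkerFile -Path $path
    Write-Output ("{0,-24} {1}" -f $path, $status)
    if ($status -eq 'skipped') {
        Write-Warning "$path already exists with content; investigate before changing it."
    }
}
```

A result of `skipped` means a file larger than a placeholder already sits at that path, which is worth investigating before anything is changed.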
Can people affected by the Bad Rabbit ransomware attack recover their files?
Since the Bad Rabbit ransomware attack is relatively new, researchers and informatics specialists are still working to find a way to recover lost files for affected users. The ransomware may have some critical flaws that could mean a small ray of hope for those affected.
Bad Rabbit doesn’t delete the shadow volume copies of the affected (encrypted) files, a step ransomware takes with the intention of preventing the system’s own software from recovering unencrypted data. And since the system hasn’t erased them yet, there is a slight chance that people can get back their lost assets.
Specialists recommend not paying the ransom in case of a Bad Rabbit attack. A vaccination has already appeared to help users protect their data, and experts in the subject are working to recover lost files, so that these criminals don’t receive compensation for their shady acts.
Decryption passwords are another area of weakness when it comes to the Bad Rabbit ransomware. Still, the password gets cleared if and when the computer reboots, making the process of data recovery very complicated in spite of some isolated successful events.
In conclusion, there is a dangerous cyber-attack going on in Europe that functions as ransomware and goes by the name of Bad Rabbit. Disguised as an Adobe Flash update pop-up, it gets into your system when you download it and encrypts all your critical files and data.
These professional criminals of the web ask for a 0.05 Bitcoin ransom, which is something close to $290 according to the latest exchange rate. A cryptocurrency ransom for an encryption made by experts in cyber-terrorism is one of the world’s most painful coincidences.
However, by removing permissions from ‘infpub.dat’ & ‘cscc.dat’ files, you can vaccinate yourself and your system from this powerful attack that can result in lost files, pictures, videos, contact lists, and critical documents.
Of course, you should act before this malware gets into your life, not after. There are many ways to prevent the Bad Rabbit ransomware attack, and it all starts by getting antivirus software. If you already have one, make sure that you have it updated to the latest version.
You need to stay away from pop-ups prompting you to download Adobe Flash because it has long been one of the favorite targets of hackers and malware developers. Never run the files at the paths “c:\windows\infpub.dat” and “c:\Windows\cscc.dat,” and get into the habit of making regular data backups, so that in the event of an information loss, the blow will be much less severe.