The “Bad Rabbit” is a ransomware worm that appeared on 24 October, hitting most of corporate networks located in Ukraine and Russia, with small infections spread to Turkey, Bulgaria, Japan, Germany, Poland, South Korea and US.
This worm is an extremely modified version of NotPetya worm that spread in eastern Europe this summer, in June.
According to reports, it seems that all antivirus software should detect this worm and stop it from infecting the machine. There is also a way to ‘vaccinate’ the machine against such malware, and we’ll tell you below, but first let’s understand how this malware works its way to your PC.
“Bad Rabbit” At Work
When a user runs a fake Adobe Flash Player installer that was used on a hacked website, the Bad Rabbit will hop and infect the machine. Apparently, the malware was found at the beginning on a Russian-language site for news and that it started infecting visitors. The same thing happened on websites based in Denmark, Turkey and Ireland that got corrupted with the fake installer. After it spreads through a network, it encrypts Windows Office files, images, videos, audio, email and archives, it replaces the Master Boot Record, reboots the machine and shows you a ransom note through which it asks the user to send 0.05 bitcoin (approximately $280).
Vaccinate Your PC Against Malware
In a Tweet, Amit Serper, a researcher at Cybereason, informed the public that you can ‘vaccinate’ your PC and make it immune, by creating this file: c:\windows\infpub.dat && c:\windows\cscc.dat – remove ALL PERMISSIONS.
It seems that by creating this file, the Windows 10 machine will not be in any way negatively affected.
Right now, if you are running an antivirus software, Bad Rabbit will be stopped. As for the businesses that have been affected, the malware was controlled, and it was taken offline.