Bad Rabbit Ransomware: How To Stop Malware From Attacking Your Computer

A new, potentially destructive ransomware called Bad Rabbit hit parts of Russia and Ukraine on Tuesday and spread across computer systems in Eastern Europe. The attack is similar to the Petya/NotPetya attack that took place earlier this year targeting the same geographical locations.

The attacks seem to be a ‘drive by attack’ in which hackers plant malicious scripts or code into an insecure web page. Opening this web page automatically downloads a software which then encrypts the PC and sends over a message demanding a ransom for a password which will decrypt it and let the user access the PC.

The attack has affected the Kiev metro, the Odessa airport in Ukraine, and many media organizations in Russia. No major outages or affected PCs were reported in the United States.

According to Yevgeny Gukov, a cybersecurity expert based in Moscow-based Group IB software company, the ransomware attacks large corporate networks.

"Based on our investigation, this has been a targeted attack against corporate networks, using methods similar to those used during the [NotPetya] attack," he stated in a statement on the attack on Group IB’s website.

While there are not many solutions available for Bad Rabbit currently, Amit Serper, a malware researcher at software company Cybereason, claims to have a ‘vaccination’ for the that immunize your PC against a Bad Rabbit infection.

"Create the following files c:windowsinfpub.dat && c:windowscscc.dat - remove ALL PERMISSIONS (inheritance) and you are now vaccinated. :)" Serper tweeted Tuesday.

The solution involves creating two generic data files — “infpub.dat” and “cscc.dat” and removing all write permissions for these files.

.DAT files are not associated with any particular program and work with only the application that created them. Installing the particular files suggested by Serper, will remove all permissions to such file and block the Bad Rabbit ransomware from installing.

To perform this immunization, you will need to have administrator rights to a PC. It will also require knowledge of programming and PC permissions, which will make sure that no users have the read, write or execute permissions on your PC.

In case you don’t have such knowledge, Cybereason has posted a step by step guide on its website explaining what needs to be done.

However, this solution can only act as a protection against a Bad Rabbit cyberattack — the company hasn’t offered a solution for a situation in which a PC is already affected.

This year has seen a spate of major cyber attacks starting with the WannaCry ransomware which hit many parts of Europe. The Petya/NotPetya attacks took place in June and spread across the globe.

Many of these attacks, including one that targeted the U.S. presidential election in 2016 and the French presidential election in 2017, are attributed to Russian hackers as a result of which the U.S. government even placed a ban on the use of the security software made by the Russia-based cybersecurity company Kaspersky in September.