It has been barely 4 months since almost the entire world was threatened by the ransomware Petya and NotPetya. Now a new ransomware known as BadRabbit has surfaced in several parts of Russia and Ukraine. As per initial reports, the ransomware has attacked the computer systems deployed at the Odessa International Airport and the Kiev Metro Station in Ukraine’s capital. The Russian news agency Interfax also tweeted that some of its servers and computer systems are affected by this ransomware and that it is taking all effective measures to restore them.
How It Gets Into The System:
For now, it is suspected that this ransomware comes from the same authors who designed Petya and NotPetya, as the same methodology was used to spread it. Cybersecurity companies such as Kaspersky and ESET stated that the ransomware was spread through drive-by download attacks. A fake Adobe Flash installer, posing as legitimate, tricked victims into executing the malware, which in turn locks the system by encrypting the files.
How Much Ransom Is Asked:
The ransom demanded by BadRabbit to decrypt the files is 0.05 bitcoin, which is approximately $280. However, there is no guarantee that the files will be unlocked after paying the ransom. The warning message also shows a countdown with a deadline of 41 hours; once it has passed, the ransom is raised.
The most disheartening news is that leading anti-malware and antivirus software is still unable to detect this. However, amid all this bad news, a security researcher at Cybereason tweeted that he has found a crack for this ransomware.
I can confirm – Vaccination for #badrabbit:
Create the following files c:\windows\infpub.dat && c:\windows\cscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated. 🙂
He has provided a detailed description on his website.
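One way to apply the vaccination quoted above from an elevated PowerShell prompt. This is an added example, not the researcher's own script; it uses the built-in Get-Acl and Set-Acl cmdlets, and leaving a non-empty existing file untouched for inspection is a choice made in this example.

```powershell
#Requires -RunAsAdministrator
# Added example: create the two marker files named in the tweet, then disable
# ACL inheritance and remove every access entry, and report the resulting state.
$markers = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

foreach ($path in $markers) {
    if (Test-Path -LiteralPath $path) {
        # Assumption of this example: a non-empty file is not our placeholder,
        # so it is left in place for inspection rather than modified.
        if ((Get-Item -LiteralPath $path -Force).Length -gt 0) {
            Write-Warning "$path exists and is not empty; inspect it instead of overwriting."
            continue
        }
    } else {
        New-Item -ItemType File -Path $path | Out-Null
    }

    $acl = Get-Acl -LiteralPath $path
    # $true  = protect the DACL from inheritance
    # $false = do not keep copies of the inherited entries
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit entries that remain.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    Set-Acl -LiteralPath $path -AclObject $acl

    # Re-read the ACL from disk to confirm what was actually applied.
    $applied = Get-Acl -LiteralPath $path
    [pscustomobject]@{
        Path                = $path
        InheritanceDisabled = $applied.AreAccessRulesProtected
        RemainingEntries    = $applied.Access.Count
    }
}
```

A correctly vaccinated file reports InheritanceDisabled as True and RemainingEntries as 0.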
Although this is still not an official solution, we hope that it will help the victims. Also, all security experts are advising victims not to pay any ransom, as paying does not guarantee removal of the ransomware.
In the interim, we also recommend that you back up all your important data and update your antivirus and anti-malware software, as prevention is always better than cure.