BadRabbit Ransomware

The BadRabbit Ransomware is an encryption ransomware Trojan that seems to be related to Petya, a high-profile Trojan that received widespread attention after it carried out devastating attacks in Ukraine and other European counties. The BadRabbit Ransomware has been responsible for various attacks in Kiev, as well as numerous organizations in Turkey, Russia and Germany. Apparently, the use of the BadRabbit Ransomware was implemented through backdoor access to various websites, which may have been obtained through the use of corrupted WordPress plugins. Visitors to the websites would receive a pop-up notification that prompted the victim to install a fake Adobe Flash update (a typical way of delivering threats). The victim would receive the following notification:

'An update to Adobe Flash Player is available.
This update includes improvements in usability, online security and stability,
as well as new features which help content developers deliver rich and engaging experiences.
Did you know...
The top 10 Facebook
Most of the top
Flash Player
Note: If you have selected to allow Adobe install update, this update will be installed on your system automatically.
[REMIND LATER|BUTTON] [INSTALL|BUTTON]'

How the BadRabbit Ransomware may be Installed

Regardless of the button clicked in the above message, a file named 'Uninstaller 27.0' is downloaded on the victim's computer. This will display a program window that looks like an updated for the Adobe Flash Player. However, this is just to hide the BadRabbit Ransomware's true attack, which involves connecting to its Command and Control servers and the download of a program named 'DiskCryptor,' which is used to encrypt the victim's files. The BadRabbit Ransomware uses the AES 256 encryption to encrypt the victim's drive, which makes the victim's files inaccessible. The BadRabbit Ransomware, apart from encrypting the victim's files, has an interesting ability that involves spreading through SMB connections, an ability observed in the WannaCry, which may have been a precursor of the BadRabbit Ransomware. The BadRabbit Ransomware uses rootkit-like functionality to infect the victim's computer at the highest level possible, encrypting the victim's entire drive. The BadRabbit Ransomware does not need Windows to remain functional to deliver its ransom note since the BadRabbit Ransomware changes the infected computer's BIOS message so that it displays the following text on the infected computer when it reboots:

'Oops? Your files have been encrypted.
If you see this text, your files are no longer accessible. You might have been looking for a way to recover your files. Don't waste your time. Ho one will be able to recover them without our 'ecryption service.
We guarantee that you can recover all your files safely. All you need to do is submit the payment and get the decryption password.
Visit our web service at caforssztxqzf2nm.onion
our personal installation key#1:
[358 RANDOM CHARCTERS]
If you have already got the password, please enter it below.
Password#1:_'

Dealing with a BadRabbit Ransomware Infection

The victim is expected to use a different computer and the TOR browser to pay a ransom of approximately 300 USD at the current exchange rate. However, agreeing to pay the ransom just allowing these crooks to continue developing and distributing the BadRabbit Ransomware. Unluckily, there is no way to restore the affected files without a decryption key that the crooks hold in their possession. If the BadRabbit Ransomware has infected your computer, it will be necessary to wipe the infected hard drive thoroughly and reinstall the Windows operating system. Because of this, the best protection against the BadRabbit Ransomware and similar threats is to have backup copies of your files. Backups allow you to recover from the BadRabbit Ransomware by restoring your files from the backup after wiping your hard drive completely. Computer users without backup copies of their data may not have any recourse to recover their files since payment is unlikely to yield positive results.

SpyHunter Detects & Remove BadRabbit Ransomware