{"id":6666,"date":"2019-02-14T17:32:39","date_gmt":"2019-02-14T12:02:39","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=6666"},"modified":"2021-02-24T15:07:38","modified_gmt":"2021-02-24T09:37:38","slug":"bad-rabbit-ransomware","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/bad-rabbit-ransomware\/","title":{"rendered":"Bad Rabbit \u2013 What you need to know about this ransomware and its prevention?"},"content":{"rendered":"
\n\"Bad<\/p>\n<\/div>\n

Ransomware is a malicious software, that secretly downloads on to a computer and warns the user to delete or revoke access to their data. When the hacker has full control of the computer or network, they demand a ransom normally through cryptocurrency to restore the access to the files.<\/p>\n

Of late, the ransomware attacks are increasing drastically, with this the enterprise data has become more vulnerable to cybercriminals in recent years. Thereby, it is important to have an antivirus program installed on computers, systems, and corporate network to evade all types of cyber-attacks. Bad Rabbit is one of the ransomwares that lurks to distribute the victim’s data or perpetually block access to it unless a ransom is paid.<\/p>\n

What is Bad Rabbit?<\/h2>\n

Bad Rabbit is a suspected variant of Petya ransomware. This malicious software infects computers and restricts user access to the infected systems until a ransom is paid to decrypt it. It is important to have virus protection software in place to steer clear from this online danger.<\/p>\n

How does Bad Rabbit ransomware work\/spread?<\/h2>\n

BadRabbit spreads via drive-by downloads on infected websites. In most cases of BadRabbit infections, visitors are tricked into clicking the malware by falsely alerting them that their Adobe Flash player requires an important update.<\/p>\n

BadRabbit uses Mimikatz (a post-exploitation tool) to extract common hard-coded login credentials such as Admin, Guest, User, root, etc. In some cases, BadRabbit ransomware<\/a> uses a legitimate tool called DiskCryptor, to encrypt the victim\u2019s data.<\/p>\n

Once the victim\u2019s computer is infected with BadRabbit ransomware and their data encrypted, the ransomware reboots the computer and a message with the title “Oops! Your files have been encrypted” is displayed after reboot.
\nThe Target<\/p>\n

When the Bad Rabbit was initially found in the wild, it targeted mainly users in Russia. Relatedly, attacks were reported in other countries namely Ukraine, Turkey, and Germany.<\/p>\n

How to stay protected from Bad Rabbit Ransomware?<\/h2>\n

Be it Bad Rabbit or any other ransomware people who fall victim shouldn’t pay the fee, as it will only encourage the growth of ransomware. Here are a few good security practices to follow that can prevent ransomware infection.<\/p>\n