Welcome to our post: Bad Rabbit ransomware, which locks up or encrypts the data on your computer.
Ransomware is typically a piece of software which locks up or encrypts the data on your computer. As a result, you are unable to access the data and the authors of the ransomware then ask you to pay a certain amount of money before they provide you with the key or the password to decrypt the data.
In recent years, ransomware attacks have become increasingly frequent. The most recent of these attacks made use of the Bad Rabbit ransomware. This particular ransomware attack was primarily aimed at users in Russia and Ukraine.
What is Bad Rabbit ransomware?
The Bad Rabbit ransomware is a completely new ransomware. Although in many ways it is new and more advanced than its predecessors, it does build on the strengths of previous ransomware families. At the same time, it very effectively encrypts the files and folders on a victim’s computer so that the victim is unable to access them unless he has a valid password.
The decryption password, according to the instructions on the lock-screen of the ransomware, can be found by paying the authors of the ransomware at a specific website.
Distribution of the ransomware
According to security analysts who have been tracking the spread of the Bad Rabbit ransomware, this particular variety of ransomware has been able to spread by infecting legitimate websites. The ransomware piggybacks on a legit website such as a news website. When a visitor comes to the website, the ransomware downloads to the visitor’s computer.
The actual ransomware that is downloaded masquerades as an Adobe Flash installer. This is both misleading and tempting. The visitor thinks that the file is legit and then launches it to install.
It is important to note here that the Bad Rabbit ransomware does not install on its own and needs to be launched by the user to begin its installation. Once launched, the ransomware quickly installs various components including a disk encryption tool.
The codes for encryption are then sent from the ransomware server to the victim’s computer. The encryption tool uses these codes to encrypt the partitions on the computer, effectively blocking the users from accessing them.
Possibility of Decryption
A less robust or advanced ransomware can be cracked by making use of sophisticated security tools. This is most definitely not the case with the Bad Rabbit ransomware. This is a piece of fairly sophisticated and advanced ransomware.
Despite elaborate security analysis by cybersecurity experts around the world, so far no method has been found to crack the ransomware. In other words, the victims who’ve had their data encrypted by this ransomware have no solution on their hands so far.
The ransomware authors claim that the data can be decrypted using the decryption password which will be provided upon the payment of ransom. This may or may not be true. Analysts have confirmed that the encryption of data is of such a nature that it can indeed be undone and the data decrypted using the right password. But whether or not the ransomware authors will supply this password upon payment remains to be seen.
There is a small possibility for data recovery without paying the ransom. If the victim’s computer had the shadow copies feature enabled before the ransomware encrypted the partitions, it may be possible for the victim to restore the original versions of the files using a restore utility. However, this is possible only if the ransomware was stopped before encrypting the entire disk.
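Whether the shadow-copy recovery path described above is available can be checked ahead of time. The following PowerShell script is an added example, not part of the original post; the function name Get-ShadowCopyCoverage is hypothetical, and it assumes an elevated session on a Windows machine with the standard Win32_Volume and Win32_ShadowCopy WMI classes.

```powershell
#Requires -RunAsAdministrator
# Added example: report, per fixed volume, how many shadow copies exist
# and how old the newest one is.

function Get-ShadowCopyCoverage {
    # Fixed local disks (DriveType 3) that are mounted with a drive letter.
    $volumes = Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 3' |
        Where-Object { $_.DriveLetter }

    # Every existing snapshot. VolumeName holds the \\?\Volume{GUID}\ path
    # of the source volume, which matches Win32_Volume.DeviceID.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)

    foreach ($vol in $volumes) {
        $forVolume = @($shadows | Where-Object { $_.VolumeName -eq $vol.DeviceID })
        $newest    = $forVolume | Sort-Object InstallDate -Descending |
                         Select-Object -First 1

        [pscustomobject]@{
            Drive       = $vol.DriveLetter
            Snapshots   = $forVolume.Count
            NewestTaken = if ($newest) { $newest.InstallDate } else { $null }
            AgeDays     = if ($newest) {
                              [math]::Round(((Get-Date) - $newest.InstallDate).TotalDays, 1)
                          } else { $null }
            HasSnapshot = ($forVolume.Count -gt 0)
        }
    }
}

# Volumes listed with HasSnapshot = False have no previous versions to restore from.
Get-ShadowCopyCoverage | Sort-Object Drive | Format-Table -AutoSize
```

A volume that reports zero snapshots, or only a very old one, has nothing useful for a restore utility to work from, so the check is worth running before an incident rather than after.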