> How to > Computer Instruction > Protect, Resist and Block Bad Rabbit Ransomware Attack/Infection

Protect, Resist and Block Bad Rabbit Ransomware Attack/Infection

Updated on Jul 12, 2019 by Tracy King to Computer Instruction

Summary:
New ransomware called Bad Rabbit is now taking over computers across Europe. If you don’t want to be the next victim or if your machine has been locked by this ransomware, don’t worry. It’s high time you take action to protect, resist and block Bad Rabbit from attacking your PC, laptop and personal data now. Just follow offered solutions here to resist Bad Rabbit attack and restore your machine and data from Bad Rabbit infection now.

The third major ransomware named Bad Rabbit out-broke this Tuesday - Oct 24th, 2017, which has brought huge loss to major countries, infecting PC/laptop etc machines, encrypting files/data and asking 0.05 bitcoin (around $285) for decryption. Now Russia, Ukraine, Germany, Turkey etc have become the victim of Bad Rabbit. 

Bad Rabbit Ransomware infection.

If you haven't meet this ransomware, don't think that you are the lucky baby. You may soon be the next victim. If you have got infected by Bad Rabbit, don't worry. 

Warning
Don't pay a tiny bitcion for decrypting your files and data!

Here below in this page, we'll tell you what is Bad Rabbit, how does it work to infect PC/laptops and blackmail users, how to block, prevent, resist, avoid Bad Rabbit attacking your PC/laptop/data and how to restore machine and decrypt files/data from Bad Rabbit infection.

Protect PC and data from Bad Rabbit infection.

What is Bad Rabbit?

Bad Rabbit, also called Dubbed Bad Rabbit, which appears to be the third outbreak of ransomware of this year, started infecting systems on Tuesday 24 October. 
Bad Rabbit targets enterprise networks by employing similar methods that NotPetya used to infect computers this June, which brought cyber-attack on organizations and cross Russia, Ukraine, Germany, Turkey, Poland, South Korea etc countries, which has resulted in serious loss and panic around the world. 

How do Bad Rabbit work and attack users?

So how does Bad Rabbit work to attack and infect machines, blackmail users for bitcoin?

According to researchers, it's found that Bad Rabbit and NotPetya's DLL share 67% same code, which means that Bad Rabbit is based on Petya/NotPetya.
The main way that Bad Rabbit spread is drive-by downloads on hacked websites, fading as a new Adobe Flash update with a dropper for the malicious install. Of course, it is not a Flash update at all.

Bad Rabbit infection situation.

And it's predicted that this ransomware can spread across networks and propagate without user interaction later. 
It's also said that infected machines will be embedded a Trojan virus called Mimikatz for monitoring users passcodes, personal and private information.

So to avoid an even worse situation and protect your machine - computer, laptops, important data and personal privacy against Bad Rabbit attack, it's high time for us all to take action resist and block this ransomware.  

How to block, resist, avoid and protect PC/laptop and data from Bad Rabbit Ransomware attack?

If your PC, laptop etc machine didn't get infected by Bad Rabbit, don't worry about being attacked by this ransomware. You'll find 3 reliable and effective methods to protect your computer system and personal data from Bad Rabbit attack. Follow to block Bad Rabbit from attacking your machine and data now:

Method 1. Create system and data backups to avoid Bad Rabbit infection and encryption

In order to avoid important files and data being encrypted and computer being taken over by Bad Rabbit infection, it's highly recommended for you all to create a system image and data backups in advance. With system and data backups, you can simply restore system and get data back at once when Bad Rabbit attacks your PC without even pay a bitcoin or dollar.

Professional Windows backup and recovery software - EaseUS Todo Backup will effectively help you backup Windows system and important data to external hard drive with simple steps. Just free download, install and apply it to backup Windows system and important files right now:

It's highly recommended for you to create system backup and data files to an external storage device so to avoid Bad Rabbit infection.

  1. Step 1. Connect external storage device to PC;
  2. Launch EaseUS Todo Backup and choose the backup option - System Backup or File Backup.

Create system and data file backup to avoid Bad Rabbit.

Step 2.Choose the system, hard drive, files or apps that you want to backup;
And then select a destination where you want to store the backup system or file backup image. 
Click Proceed to complete the process.

Backup System and data to avoid Bad Rabbit infection.

It's also recommended for you to turn on the PreOS feature on EaseUS Todo Backup Tools column, which will allow you directly reboot the computer from EaseUS Todo Backup and immediately backup important data into a third storage device once Bad Rabbit has attacked and taken over your machine.

Method 2. Block and avoid Bad Rabbit attack/infection

After backing up system and important files, you may now change some settings on your PC to clock and avoid Bad Rabbit from installing automatically online and infect your PC machines:

Step 1. Disable/ignore download and install unknown or suddenly popped-up Adobe Flash update

Adobe Flash Player has long been a favorite of cybercriminals, keeping finding security holes in the software and also being used to attack users or disguise malware as the Flash Player installer.
So if you received a suddenly popped-up window or reminding you to install a new Adobe Flash update, just don't install it. It would save you from being attacked by the Bad Rabbit.

Prevent downloading or installing unknown Adobe Flash update.

Step 2. Shut down TCP 137, 139 and 445 ports

As it's been known that Bad Rabbit can also infect users through network ports like TCP 137, 139 and 445 etc ports. 
Therefore, please do remember to enable Windows firewall and shut down 137, 139 and 445 TCP ports from network so to restrict and cut the access of Bad Rabbit online.

Step 3. Disable device network sharing service in Windows system

1. Type: service.msc in the Search and hit Enter;
2. Enter Service window and find Server from the service list;

Disable network share service to block bad rabbit.

3. Right-click on Server and select Properties > Select Disabled in Startup type;

Find and disable Server service.

Block Bad Rabbit from infecting Server service.

After this, you shall also disable Windows default sharing feature in Registry with below steps:

1. Type: regedit in Search and hit Enter to open Registry Editor;
2. Navigate to: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters;
3. Right-click to change AutoShareServer and AutoShareWks DWORD32 volume to 0;

If you don't have these two volumes in Parameters, right-click to create them in the window and mark the volume as 0.

Disable Windows network share service.

After this, reboot PC.

Step 4. Disable Windows WMI service

1. Type: service.msc in the Search and hit Enter;
2. Find WMI service in the list and right-click on it, select Properties;

Disable WMI service.

3. Select Disabled in Startup type column and save all changes.

Disable WMI service to block Bad Rabbit attack.

After this, do remember to reboot PC to keep all changes.

Step 5. Install and run antivirus software to cleanup unknown virus/malware like Mimiktza Trojan

As Bad Rabbit will embed a Trojan named Mimiktza to monitor your personal information and password etc privacy. So it's highly necessary for you to install antivirus software and run it to clean up unknown virus and malware so to fully protect your PC, data and personal information from Bad Rabbit infection. 

Method 3. Create a vaccine to prevent/resist Bad Rabbit ransomware from infecting machines and encrypting files/data

According to Cybereason researcher, it's recommended that Bad Rabbit can also be vaccinated creating two files in c:\windows: infpub.dat and cscc.dat.

You can apply CMD command to create a vaccine to prevent and resist Bad Rabbit ransomware from infecting machines and encrypting your files now:

1. Right-click Start and select Command Prompt (Admin);

Run CMD to create vaccine to Bad Rabbit.

2. Login with your administrator account and password;
3 .Type: echo “” > c:\windows\cscc.dat&&echo “” > c:\windows\infpub.dat and hit Enter each time;
4. Right-click each file and select properties to remove all their permissions;

Remove permissions to created files to block Bad Rabbit.

5. Select the security tab and click Advanced;

Block Bad Rabbit by changing created files permission.

6. Click Change Permissions and uncheck Include inheritable permissions from this object's parents box;

Change permissions of created files.

7. Click Remove;

Remove permissions of created files.

Note: Do remember to repeat this operation on both two files that you've created. 

If you are running Windows 10, repeat the same steps instead of unchecking the inheritance box, click Disable inheritance button;

Disable permission of created files.

And then select Remove all inherited permissions from this object. 

Remove inheritance of created files.

Above mentioned methods will effectively help you protect your Windows computer and personal data from Bad Rabbit infection or attack. 

How to restore infected machine and encrypted data from Bad Rabbit attack?

So if you've infected Bad Rabbit, how to restore the infected machine - laptops or PC and encrypted files and data? Right here, we got several simple ways for you to try:

1. Restore infected machine - PC/laptop from Bad Rabbit Ransomware infection

Method 1. Restore Bad Rabbit infected machine from previously created system image

If you've created a system image with EaseUS Todo Backup or created a Windows repair disk, you can try to restore infected Windows PC by restoring Windows from system image or repair disk. 
Here you may follow this tutorial to try to restore infected Windows PC:

If you've created a Windows system image and enabled PreOS feature in EaseUS Todo Backup, you can follow below tips to repair your infected machine back to work now:

Step 1. Remove all network connections and connect device which contains your current Windows system image to the infected PC;
Step 2. Reboot PC and set to boot from EaseUS Todo Backup;

Step 3. Enter EaseUS Todo Backup main interface and click Browse to Recover;

Restore Bad Rabbit infected Machine.

Step 4. Select the system image that you've created to restore system back on your PC.
Just follow the onscreen guidelines to finish the process.
Step 5. After this, you shall turn on the firewall in Windows and run antivirus tools to remove and cleanup Bad Rabbit from your PC.

If you didn't back up Windows system nor installed EaseUS Todo Backup, you can download it on a healthy PC and follow below tips to restore your infected machine now:

Step 1. Create an emergency bootable disk and create a system image backup with a new PC which runs the same OS as yours with EaseUS Todo Backup;
Do remember to store the image to an external storage device.
Step 2. Remove all network from your current PC and connect the emergency disk to your PC;
Step 3. Force to reboot PC and set to boot PC from EaseUS Todo Backup and then repeat Step 3, 4 and 5 as above mentioned.

Method 2. Restore Bad Rabbit infected PC/laptops by formatting partition from bootable disk and cleaning install Windows system

If you don't want to keep all existing files and data on your PC or laptop, and just want to thoroughly remove the Bad Rabbit, you may try below tips for help:

Step 1. Create a WinPE bootable disk with EaseUS Partition Master on a healthy PC which runs the same OS as your current computer;
Step 2. Reboot PC and set to boot from WinPE bootable disk;
Step 3. Enter EaseUS Partition Master interface and then find all infected partitions, right click on them and select Format partition;

Restore Bad Rabbit infected PC and laptop.

Follow onscreen guidance to complete the process.
Step 4. Then you can perform a clean install of Windows system to restore your Bad Rabbit infected computer to work normally again.

2. Restore and decrypt Bad Rabbit infected/encrypted files and data

If you've removed Bad Rabbit and just need a way to decrypt infected files, please follow this tutorial to decrypt Bad Rabbit infected/encrypted files and data so to get all your files back now.