BadRabbit ransomware spreads via the Remote Desktop Protocol (RDP) and/or Server Message Block (SMB) protocols which allow PCs and other devices to ‘talk’ to each other across a network.
Many anti-viruses provide protection against ransomware Bad Rabbit.
Symptoms : Infected PC might have following message on screen
Disable your anti-virus and anti-malware programs
Oops! Your files have been encrypted.
If you see this text, your files are no longer accessible. You might have been looking for a way to recover your files. Don’t waste your time. No one will be able to recover them without our
decryption service.
We need to guarantee that you can recover all your files safely. All you need to do is submit the payment and get the decryption password.
- Data on affected systems is encrypted.
- The user is instructed to visit a domain (caforssztxqzf2nm.onion) on the TOR network. The payment page looks like this:
- File extensions that are know to be affected by the encryption are:.3ds .7z .accdb .ai .asm .asp .aspx .avhd .back .bak .bmp .brw .c .cab .cc .cer .cfg .conf .cpp .crt .cs .ctl .cxx .dbf .der .dib .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .hpp .hxx .iso .java .jfif .jpe .jpeg .jpg .js .kdbx .key .mail .mdb .msg .nrg .odc .odf .odg .odi .odm, .odp .ods .odt .ora .ost .ova .ovf .p12 .p7b .p7c .pdf .pem .pfx .php .pmf .png .ppt .pptx .ps1, .pst .pvi .py .pyc .pyw .qcow .qcow2 .rar .rb .rtf .scm .sln .sql .tar .tib .tif .tiff .vb .vbox .vbs, .vcb .vdi .vfd .vhd .vhdx .vmc .vmdk .vmsd .vmtm .vmx .vsdx .vsv .work .xls .xlsx .xml .xvd .zip
What you should do:
- Update your internet security software
New viruses and threats appear all the time, so it is important to keep your security software up-to-date. Mostly anti-viruses are designed to ‘auto update’ to ensure that you always have the latest protection, but you can verify your software is up-to-date at any time. - Apply Microsoft Windows security updates
Ensure that your Windows operating system is fully up-do-date:
- Click the Start button on the bottom left of your Windows desktop.
- In the search box:
- Type Windows update.
- Press ENTER.
- Click Check for updates.
- Follow the prompts. Windows will download and apply any important updates.
How can you avoid becoming a victim of ransomware?
- Think before you click. If you receive an email that contains an attachment, think twice before clicking on it. If you were not expecting it or it looks suspicious, delete it, even if it appears to come from someone you know. You can always ask them to send it again if it is legitimate.
- Back up your files. Always make sure your files are backed up. That way, if they become compromised in a ransomware attack, you can wipe your disk drive clean and restore your data from the backup. Remember, backups can also get infected, so you should disconnect your backup drives from your PC when possible to prevent this from happening.
- Update your PC and devices. Ensure that your PC’s operating system is up-to-date. Software updates and ‘patches’ contain security improvements that help to secure your PC and make it more difficult for ransomware and viruses to infect it.
No More Ransom aims to help victims of ransomware retrieve their encrypted data without having to pay the criminals. For more advice call us tollfree +1-800-742-9005.
