Can I Recover My Files Without Paying Ransom After A Bad Rabbit Attack?


2017 was a tough year for cyber security professionals. Hardly anything is safe from malicious programs any more, and the number of data breaches is increasing at an alarming rate. Bad Rabbit was first spotted on October 24, 2017. After WannaCry and NotPetya, it was the third large malware outbreak of 2017. It falls into the category of ransomware, an umbrella term that covers many different malicious programs. Typically, ransomware takes control of the data on your computer and makes it inaccessible to you; the attackers then demand a ransom if you want your data back. Businesses and ordinary consumers alike are targeted, and the attack appears to be indiscriminate. It spread across the world very quickly, hitting consumers and organizations mainly in Russia and Ukraine.

What is Bad Rabbit?

It spreads through a 'drive-by' attack. Poorly secured websites are at risk of being compromised, and once compromised they still look normal to visitors. The target visits a legitimate website, and what happens then? A malware dropper is served from the threat actor's own infrastructure, not from the website itself. This analysis was conducted by Kaspersky Lab.

How does it work?

The initial infection uses no exploits. The victim downloads and runs the dropper themselves: it is disguised as an Adobe Flash Player installer, and the victim is duped into clicking it. Nothing is installed automatically, so the attack depends on the user running the fake installer. Once it is run, the malware starts encrypting the files on the computer immediately.

What happens after the click?

Your computer starts locking up right away, and you are shown a ransom note. The ransom demanded is about $280, payable in Bitcoin, and a countdown of roughly 40 hours is given, after which the attackers say the price will go up. The malware uses the legitimate DiskCryptor software to encrypt your hard drive. Your files are encrypted with the following scheme:

  1. AES-128-CBC for the file contents
  2. RSA-2048 to protect the AES key, so the files cannot be decrypted without the attackers' private key

Who is the Target?

According to reports, most victims were located in Russia, but infections were also recorded in Ukraine, Turkey and Germany.

Is it Possible to Recover Data After the Attack?

Researchers at Kaspersky Lab believe that it may be possible to recover your data without paying the ransom. The process is complicated, and success is not guaranteed. Nothing is without flaws, and Bad Rabbit is no exception: weaknesses in its implementation may let a victim recover the password that decrypts the data. As the Kaspersky team stated: “We have discovered that Bad Rabbit Malware does not delete shadow copies after encrypting the victim’s files. It means that if the shadow copies had been enabled prior to infection and if the full disk encryption did not occur for some reason, then the victim can restore the original versions of the encrypted files by the means of the standard Windows mechanism or 3rd-party utilities.”

In short, Bad Rabbit does not delete Volume Shadow Copies when it encrypts your files. If System Protection (the Volume Shadow Copy Service) was enabled before the infection, and the disk-level encryption stage failed so that Windows still boots, you may be able to restore the original versions of your files from a snapshot, either through the 'Previous Versions' tab in Windows Explorer or with a third-party tool. Before you try, disconnect the machine from the network and, if the data matters, image the disk first: a botched recovery attempt can destroy the very snapshots you are relying on.
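The following PowerShell script is an added example of the shadow-copy recovery route described above; it is not code from the original article or from Kaspersky. It assumes a machine on which the file encryption ran but the disk-level stage did not, so Windows still boots, that the affected volume is C:, and that it is run from an elevated prompt. The mount directory, file pattern and destination drive are hypothetical placeholders.

```powershell
# Added example (not from the original article): enumerate the Volume Shadow
# Copies still present on a Bad Rabbit victim, expose one snapshot as a
# directory, and sanity-check that it predates the encryption before copying
# files out. Assumptions (hypothetical): system volume C:, Windows boots,
# elevated prompt, host isolated from the network.

param(
    [string]$Volume   = 'C:\',
    [string]$MountDir = 'C:\shadow_restore',   # hypothetical mount point
    [string]$Pattern  = '*.docx'               # file type to spot-check; adjust
)

# 1. List every snapshot VSS holds for the target volume, oldest first.
#    Win32_ShadowCopy is the WMI class behind 'vssadmin list shadows'.
$volumeId = (Get-CimInstance Win32_Volume |
    Where-Object { $_.DriveLetter -eq $Volume.TrimEnd('\') }).DeviceID
$shadows = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeId } |
    Sort-Object InstallDate

if (-not $shadows) {
    Write-Warning "No shadow copies exist for $Volume; VSS was off or the snapshots are gone."
    return
}
$shadows | Format-Table ID, InstallDate, DeviceObject -AutoSize

# 2. Take the most recent snapshot. The operator should compare InstallDate
#    with the time the ransom note appeared and pick an earlier one if needed.
$snap = $shadows[-1]
Write-Host "Using snapshot $($snap.ID) taken $($snap.InstallDate)"

# 3. Expose the snapshot as a directory. Its device path is not a normal
#    folder, but a directory symbolic link to it (trailing backslash required)
#    makes it browsable with ordinary tools.
if (Test-Path $MountDir) { cmd /c rmdir $MountDir | Out-Null }
cmd /c mklink /d $MountDir "$($snap.DeviceObject)\" | Out-Null

# 4. Spot-check that the snapshot predates the encryption: compare the hash of
#    one live (encrypted) file with the snapshot's copy. Compare content, not
#    names, since a name or extension check is not a reliable indicator.
$live = Get-ChildItem -Path (Join-Path $Volume 'Users') -Recurse -Filter $Pattern `
    -ErrorAction SilentlyContinue | Select-Object -First 1
if ($live) {
    $rel = $live.FullName.Substring($Volume.Length)
    $old = Join-Path $MountDir $rel
    if (Test-Path $old) {
        if ((Get-FileHash $live.FullName).Hash -ne (Get-FileHash $old).Hash) {
            Write-Host "Snapshot copy of $rel differs from the live copy: good candidate for restore."
        } else {
            Write-Warning "Snapshot copy matches the live copy; this snapshot may post-date the infection."
        }
    }
}

# 5. Copy user profiles out of the snapshot to external media (E: is
#    hypothetical). Never write recovered data back onto the infected disk.
# robocopy "$MountDir\Users" "E:\recovered\Users" /E /COPY:DAT /R:1 /W:1
```

If you prefer the built-in tools, `vssadmin list shadows` prints the same snapshot device paths, and the `mklink /d` step is what makes a snapshot browsable; the hash comparison is the check worth doing before trusting a snapshot, because a snapshot taken after the encryption started will simply contain the encrypted files again.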
