Vaccine Found for ‘Bad Rabbit’ Mess Ransomware Attack Against Eastern Europe

“Bad Rabbit”, a new mass ransomware attack sweeping Russia and Ukraine, and other Eastern European countries.

The cyber attack that broke out last night in, shut down an airport in Odessa, the Kiev subway, the Ministry of Infrastructure of Ukraine, three news agencies in Russia. It hits other businesses in Turkey, Germany, Bulgaria and continues to other countries.

This is a new version of Notpetya, which caused great damage worldwide last June.

The identity of the anonymous assailant is not yet certain, but when the malicious code was decoded, the names of figures from chess games such as Visserion, Rangel, Dargo and the mysterious attacker appeared to be a fan of the series.

Victims of the attack are sent to the page explaining how to access encrypted files by transferring a ransom payment of 0.05 bits equivalent to $286.

The screen combines a timer program that performs a 41-hour countdown and at the end of the period, the files will be permanently deleted if the ransom is not paid.

The malware contains computer shutdown technologies developed by the US National Security Agency and leaked to the network for hacker abuse.

According to the Group-IB, Group-IB, a Russian-based cybercrime prevention, and investigation company said in order to prevent the virus from encrypting files, a user needs to create a read-only file C:\windows\infpub.dat.

“After that, even in case of contamination, the files will not be encrypted,” the company said.

Also the  Isreali Amit Serper, principal security researcher of Cybereason, has found a vaccine. See instructions below:

I can confirm – Vaccination for #badrabbit:
Create the following files c:\windows\infpub.dat && c:\windows\cscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated. 🙂 pic.twitter.com/5sXIyX3QJl

— Amit Serper​ (@0xAmit) October 24, 2017