The Bad Rabbit ransomware, which infected companies in the communications and transportation sectors in Ukraine and Russia last week, may already have a solution. Amit Serper, a researcher at the digital security company Cybereason, claims to have created a vaccine against the malware. According to the expert, the solution prevents the malicious code from starting to encrypt the computer's files, avoiding the so-called "hijacking" of machines running Microsoft's operating system.
The protection is created with built-in Windows features and does not require downloading external software. The vaccine can therefore be created and applied by anyone, and it blocks the infection even if the virus has already been downloaded from a compromised website. It works on any version of the PC operating system.
You can do this quickly by starting cmd.exe as an administrator.
First, the user must create two files with the DAT extension (infpub.dat and cscc.dat) by running the following command at the Windows command prompt: echo "" > c:\windows\cscc.dat && echo "" > c:\windows\infpub.dat
- More details on the Cybereason website (cybereason.com/blog)
Then, you must remove all permissions from both files through Windows Explorer. According to Serper, this measure is sufficient to create a barrier against the virus.
Two DAT files work as a vaccine against Bad Rabbit on Windows – Photo: Reproduction / Cybereason
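The two manual steps above can also be scripted. The following PowerShell script is an added example, not code from Cybereason or from the original article: the file names and folder come from the text, while the use of icacls.exe with /inheritance:r in place of the Windows Explorer step, and the decision to leave an already existing file's content untouched, are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the two manual steps described in the article.
# File names and folder are from the article; the rest is this example's assumption.

$vaccineFiles = 'infpub.dat', 'cscc.dat' |
    ForEach-Object { Join-Path $env:windir $_ }

foreach ($path in $vaccineFiles) {
    if (Test-Path -LiteralPath $path) {
        # Never overwrite: a file that is already present was not created by
        # this run, so report it and let the administrator inspect it.
        $size = (Get-Item -LiteralPath $path -Force).Length
        Write-Warning "$path already exists ($size bytes); content left untouched."
    }
    else {
        # Step 1: create the placeholder file.
        New-Item -ItemType File -Path $path | Out-Null
    }

    # Step 2: remove inherited permissions. A freshly created file carries only
    # inherited entries, so this leaves it with an empty access list.
    & icacls.exe $path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Error "icacls failed on $path (exit code $LASTEXITCODE)"
        continue
    }

    # Verify: count the access entries that remain. Anything above zero means
    # explicit entries exist and still have to be removed by hand.
    $remaining = @((Get-Acl -LiteralPath $path).Access).Count
    [pscustomobject]@{
        Path          = $path
        RemainingAces = $remaining
        Protected     = ($remaining -eq 0)
    }
}
```

Run it from an elevated PowerShell session; each file should be reported with Protected set to True.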
Remember the Bad Rabbit case
Bad Rabbit arrived in Brazil on Wednesday (25) after causing delays at Ukraine's Odessa airport and affecting several media outlets in Russia, including news agencies Interfax and Fontanka.ru. The malware then affected the Ukrainian metro system in the capital, Kiev. Experts from Kaspersky and ESET found that the threat shares part of the NotPetya code, leading to the belief that the same hackers are also involved in this case.
The Bad Rabbit ransomware infects computers through a drive-by attack, in which a compromised web page offers a fake Adobe Flash Player download. Once the supposed plugin update is downloaded, the ransomware takes over the PC and encrypts the user's files. At the end, it displays an alert demanding a ransom of 0.05 bitcoins, equivalent to US$ 290 at the current exchange rate. The notice gives the payment instructions and shows a countdown timer that pressures the victim to make the payment – considered extremely inadvisable.
The attack has nothing to do with the actual Flash Player. Adobe has already announced the end of the plugin for 2020, although it still offers the download on its official page. The current recommendation, however, is not to use the plugin or update it via pop-ups, giving preference to HTML5, a more modern and secure technology. If the plugin is required, check that the computer already has the latest version installed and, if necessary, download the extension directly from the Adobe website.