Cybereason researcher discovers vaccine for Bad Rabbit ransomware

Cybereason researcher Amit Serper has developed a vaccine to prevent the Bad Rabbit data-encrypting malware from infecting machines.

Bad Rabbit, which spread across Europe on Tuesday, targets enterprise networks using methods similar to those NotPetya used to infect computers around the globe in June. Bad Rabbit’s full impact is still unknown. So far, the attack has affected airports, news agencies and train stations in Ukraine, Russia, Turkey and Germany, according to media reports.

Here’s the encryption screen: 

[Image: Bad Rabbit encryption screen]

Serper and Cybereason researcher Mike Iacovacci suggest taking these measures to prevent getting infected by Bad Rabbit. 

First, create these two files in c:\windows:

infpub.dat
cscc.dat

You can do that really quickly by starting cmd.exe as an admin:

[Screenshot: starting cmd.exe as an administrator]

Then type the following commands:
echo "" > c:\windows\cscc.dat && echo "" > c:\windows\infpub.dat

Next, remove all their permissions by right-clicking each file and selecting Properties:

[Screenshot: file context menu with Properties selected]

Then select the Security tab:

[Screenshot: Security tab of the file properties]

Now click Advanced, opening the following window:

[Screenshot: advanced security settings window]

Click Change Permissions, opening the following window:

[Screenshot: change permissions window]

Then, uncheck the “Include inheritable permissions from this object’s parents” box.
After you do that, the following window will pop up. Click “Remove”.

[Screenshot: prompt with the “Remove” option]

You are now done. Remember to perform this action for the two files you created.

If you are running Windows 10, repeat the same steps, but instead of unchecking the inheritance box, click the “Disable inheritance” button:

[Screenshot: “Disable inheritance” button]

And then select “Remove all inherited permissions from this object”:

[Screenshot: “Remove all inherited permissions from this object” option]
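The manual steps above can be scripted for rollout to many machines. The following PowerShell is an added example, not code from Cybereason or the original article: it creates the two files, removes inherited permissions with icacls, and verifies that no access entries remain. The helper name Set-VaccineFile is hypothetical, and the script assumes an elevated session on a host where $env:windir is c:\windows.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the manual vaccine steps above. Not Cybereason's code.
# Set-VaccineFile is a hypothetical helper name.

function Set-VaccineFile {
    param([Parameter(Mandatory)][string]$Path)

    if (Test-Path -LiteralPath $Path) {
        # Never overwrite a file this script did not create; flag it for review.
        Write-Warning "$Path already exists; inspect it before treating this host as vaccinated."
    } else {
        # Same placeholder content as the article's command: echo "" > file
        Set-Content -LiteralPath $Path -Value '""'
    }

    # Equivalent of unchecking inheritance and clicking "Remove":
    # /inheritance:r disables inheritance and drops every inherited ACE.
    & icacls.exe $Path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "icacls failed on $Path (exit code $LASTEXITCODE)"
    }

    # Verify the end state rather than trusting the exit code alone.
    # A pre-existing file may carry explicit ACEs that /inheritance:r keeps.
    $acl = Get-Acl -LiteralPath $Path
    $aceCount = @($acl.Access).Count
    [pscustomobject]@{
        Path                = $Path
        InheritanceDisabled = $acl.AreAccessRulesProtected
        RemainingAces       = $aceCount
        Vaccinated          = $acl.AreAccessRulesProtected -and ($aceCount -eq 0)
    }
}

# The article's two file names; $env:windir is c:\windows on a default install.
$results = foreach ($name in 'infpub.dat', 'cscc.dat') {
    Set-VaccineFile -Path (Join-Path $env:windir $name)
}
$results | Format-Table -AutoSize

if ($results.Vaccinated -contains $false) {
    Write-Warning 'At least one file still has access entries; fix it by hand as described above.'
    exit 1
}
```

The non-zero exit code lets a deployment tool report hosts where the permissions were not fully removed.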

 

Source: cybereason.com
