Blog | Cybereason

Cybereason researcher discovers vaccine for Bad Rabbit ransomware

Written by Lital Asher-Dotan | Oct 24, 2017 8:32:03 PM

Cybereason researcher Amit Serper has developed a vaccine to prevent the Bad Rabbit data-encrypting malware from infecting machines. 

Bad Rabbit, which spread across Europe on Tuesday, targets enterprise networks using methods similar to those NotPetya used to infect computers around the globe in June. Bad Rabbit's full impact is still unknown. So far, the attack has affected airports, news agencies and train stations in Ukraine, Russia, Turkey and Germany, according to media reports.

Here's the encryption screen: 

Serper and Cybereason researcher Mike Iacovacci suggest taking these measures to prevent getting infected by Bad Rabbit. 

First, create these two files in c:\windows:

infpub.dat
cscc.dat

You can do that really quickly by starting cmd.exe as an admin:



Then type the following commands:
echo "" > c:\windows\cscc.dat && echo "" > c:\windows\infpub.dat

Next, remove all their permissions by right clicking each file and selecting properties:




Then select the security tab:



Now click advanced, opening the following window:



Click change permissions, opening the following window:


Then, uncheck the “Include inheritable permissions from this object’s parents” box.
After you do that, the following window will pop up. Click “remove”.




You are now done. Remember to perform this action for the two files you created.

If you are running Windows 10, repeat the same steps, but instead of unchecking the inheritance box, click the “Disable inheritance” button:




And then select “Remove all inherited permissions from this object”.
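The same steps can be scripted for more than one machine. The PowerShell below is an added example, not code from Cybereason or the original post: it creates the two files, uses icacls /inheritance:r in place of the dialog clicks, and then checks that no permission entries remain. It assumes an elevated prompt and that %windir% is c:\windows.

```powershell
# Added example: scripted form of the manual steps in the post.
# Assumption: run from an elevated PowerShell prompt.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (administrator) PowerShell prompt.'
}

# File names are the two given in the post; $env:windir is assumed to be c:\windows.
foreach ($name in 'infpub.dat', 'cscc.dat') {
    $path = Join-Path $env:windir $name

    if (Test-Path -Path $path) {
        # Never overwrite a file that is already there: report it and only inspect it.
        Write-Warning "$path already exists; leaving its content untouched."
    } else {
        # Same content the post's echo command writes.
        Set-Content -Path $path -Value '""'

        # /inheritance:r disables inheritance and removes the inherited entries,
        # the command-line equivalent of unchecking the box and clicking "Remove".
        & icacls.exe $path /inheritance:r | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "icacls failed on $path (exit code $LASTEXITCODE)"
        }
    }

    # Verify: inheritance must be off and no access entries should remain.
    try {
        $acl  = Get-Acl -Path $path -ErrorAction Stop
        $aces = @($acl.Access).Count
        New-Object PSObject -Property @{
            Path                = $path
            InheritanceDisabled = $acl.AreAccessRulesProtected
            RemainingEntries    = $aces
            Vaccinated          = ($acl.AreAccessRulesProtected -and $aces -eq 0)
        }
    } catch {
        Write-Warning "Could not read the ACL of ${path}: $($_.Exception.Message)"
    }
}
```

A file reported as already existing with Vaccinated set to False was not created by this script and should be reviewed before anything else is done to it.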