Bad Rabbit Ransomware


Bad Rabbit

Yet another dangerous Ransomware virus that goes under the name of Bad Rabbit has recently been reported and we are here to give you some basic and essential information about the new piece of malware so that you can protect your PC against it. This is believed to be a new variant of the Petya ransomware.

We can also offer our readers a guide aimed at helping with the removal of the nasty virus so go ahead and take a look at it once you finish reading here. The guide manual is at the bottom of the present article.

The Bad Rabbit Virus

The Bad Rabbit virus is a ransomware that is used to extort money from its victims by locking their files or their whole PC and demanding a ransom payment. The Bad Rabbit Virus, in particular, is what is known as a Ransomware cryptovirus, which means that it uses encryption to block your access to the targeted user files. As the encryption is finished, the owner of the locked data is told that they would have to make a ransom payment to the attacker if they want to regain access to the inaccessible data.

In most cases, the victim is notified about the requested ransom via a pop-up message displayed on their screen or through a Notepad file generated on their desktop, which also contains instructions on how to transfer the money.

The .RABBIT Ransomware

It is important for you to have a basic idea of how the .Rabbit Ransomware actually functions, which is why we will elaborate upon this topic in the current paragraph. The first thing that happens when the .Rabbit Ransomware lands on your machine and becomes active is that it scans your hard drives and targets all files from a predetermined list of file formats.

Once the malware has located each file that belongs to the list of file types, it goes on to make encrypted copies of the targeted data. After each copy is made, the original files are deleted from the user’s system, which leaves the hacker’s victim with only the locked copies. The idea is that the user would receive the code to unlock those copies (which are identical to the originals) as long as they pay the demanded ransom.

Note: Here, it is important to note that paying the money does not guarantee the retrieval of the data – after all, you’d be dealing with anonymous criminals that you can certainly not trust whatsoever.

Ransomware detection

One very big issue that people have with Ransomware cryptoviruses like Bad Rabbit is that those are rather tricky to detect in time. Even though the malware tries to lock the user’s files, the method it uses to do that (encryption) isn’t actually a malicious one. Encryption is a commonly utilized data-protection technique and a lot of legitimate programs use it – due to this, a lot of antivirus programs might fail to spot the virus making it possible for the Ransomware to operate without getting detected whatsoever. Additionally, the potential symptoms that such a virus might trigger aren’t many and are in many instances very subtle and unnoticeable. For example, during the encryption your PC might start to use unusually high amounts of RAM and CPU as well as free hard disk space, but if the machine is more powerful, those would be rather difficult to spot as they won’t lead to a significant productivity slow-down.


One other important aspect related to Ransomware like Bad Rabbit is that the attackers who use it normally demand that the ransom is transferred in Bitcoins. This makes it pretty much impossible to trace the transaction, as the Bitcoin currency is known for being practically untraceable. Bear that in mind if you contemplate making the payment – once you send the money, there’s pretty much no chance that you’d ever get it back, regardless of whether you are sent the decryption key or not. Due to this, it is advisable to try any other options that you might have before going for the ransom. As we mentioned in the beginning of the article, there’s a guide below which might help you deal with a potential Ransomware threat. Bear in mind, though, that the success of the guide is not guaranteed for each instance of an attack by Bad Rabbit.

Prevention tips

The most crucial thing one needs to bear in mind when trying to improve the overall security of their system is what their regular online activities and habits are. Avoiding shady websites and learning to tell the difference between web spam and legitimate content is key to making your PC safer. Another thing that can greatly help against Ransomware in particular is file backups – a backup will keep your files safe and even if Ransomware attacks, you will still be able to access your valuable data through the backup device/location. Lastly, do not ignore the importance of having a good and fully updated antivirus program in order to stop other threats such as Trojans, which could be (and often are) used as backdoors for Ransomware.



Name: Bad Rabbit
Type: Ransomware
Danger Level: High (Ransomware is by far the worst threat you can encounter)
Symptoms: Increase in the used RAM, CPU and hard-disk storage space, potential PC slow-down and overall unusual system behavior.
Distribution Method: Ransomware hackers tend to use malvertising, spam Internet messages and illegal websites as their go-to distribution methods.
Data Recovery Tool: Not Available

Bad Rabbit Ransomware Virus Removal


Restoring basic Windows functionality
Before you are able to remove the Bad Rabbit ransomware virus from your computer, you need to be able to access it in the first place. Since the ransomware will prevent Windows from booting, your first job is to repair the Master Boot Record (MBR) of your drive.
To do that you’ll need your original Windows OS DVD (or a bootable USB drive for advanced users).
  1. Insert the DVD (or the USB) into the computer, then start the computer and choose to boot the OS from the DVD/USB. You may have to change the boot priorities in the BIOS by pressing Del.
  2. When Windows boots from the DVD/USB, select Windows Repair.
  3. Open the Command Prompt and enter the following commands, one at a time: bootrec /fixmbr, bootrec /fixboot and bootrec /rebuildbcd
  4. Your Windows OS should now be able to boot normally. You can proceed with the removal of the virus as usual.


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:


    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom.

    If there are suspicious IPs below “Localhost” – write to us in the comments.

    Type msconfig in the search field and hit enter. A window will pop-up:

    Go to Startup and uncheck entries that have “Unknown” as Manufacturer.

    • Please note that ransomware may even attach a fake Manufacturer name to its process. Make sure every process here is legitimate.

    Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

    Search for the ransomware in the registry and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.

    Type each of the following in the Windows Search Field:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete everything in Temp. In the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
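
The hosts-file, startup and recently-added-file checks from the steps above can be gathered in one read-only pass before anything is deleted. The PowerShell script below is an added example, not part of the original guide; the function names, the 7-day window and the depth limit are assumptions chosen for illustration.

```powershell
# Read-only triage for the manual checks above. Added example: function names,
# the 7-day window and the depth limit are assumptions; nothing is changed or deleted.
function Get-ActiveHostsEntry {
    param([string]$Path = "$env:windir\System32\drivers\etc\hosts")
    $lineNo = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNo++
        $text = ($line -replace '#.*$', '').Trim()        # strip comments
        $fields = @($text -split '\s+' | Where-Object { $_ })
        if ($fields.Count -lt 2) { continue }              # blank or malformed line
        $names = $fields[1..($fields.Count - 1)]
        # Stock mapping: a loopback address that names only "localhost"
        $isDefault = ($fields[0] -in '127.0.0.1', '::1') -and
            -not ($names | Where-Object { $_ -ne 'localhost' })
        [pscustomobject]@{ Line = $lineNo; Address = $fields[0]
            Names = $names -join ' '; Default = $isDefault }
    }
}

function Get-StartupEntry {
    # msconfig shows a free-text Manufacturer; the Authenticode status is harder to fake
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        $exe = $null   # best effort: quoted path, else text up to the first ".exe"
        if ($_.Command -match '^\s*"([^"]+)"' -or $_.Command -match '^\s*(.+?\.exe)\b') {
            $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
        }
        $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'PathNotResolved' }
        [pscustomobject]@{ Name = $_.Name; Command = $_.Command; Signature = $sig }
    }
}

function Get-RecentFile {
    param([int]$Days = 7)
    $cutoff = (Get-Date).AddDays(-$Days)
    $roots = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
    foreach ($root in $roots) {
        # -Depth 1 keeps %WinDir% manageable; raise it for a deeper sweep
        Get-ChildItem -LiteralPath $root -File -Force -Depth 1 -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $cutoff } |
            Select-Object FullName, CreationTime, Length
    }
}

Get-ActiveHostsEntry | Where-Object { -not $_.Default } | Format-Table -AutoSize
Get-StartupEntry | Format-Table -AutoSize -Wrap
Get-RecentFile | Sort-Object CreationTime -Descending | Format-Table -AutoSize
```

Any row in the first table is a hosts entry beyond the stock localhost mapping, and a startup row whose Signature is not Valid deserves a closer look before it is left enabled.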

    How to Decrypt Bad Rabbit files

    We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.


      • These IPs are not supposed to be in the Hosts file in your computer so you should delete them from there and then save the changes. After doing so, proceed with the rest of the guide.
