Data Recovery Digest


Is It Possible to Recover Data After a Bad Rabbit Malware Attack?

It’s been a rough year for cyber-security experts. From an increasing number of data breaches to malicious programs of escalating sophistication, today’s networks are susceptible to more threats than ever before – and that doesn’t even consider the growing concern of ransomware.

An umbrella term that’s used to describe many different malicious programs, ransomware typically takes hold of the data within a computer and makes it inaccessible until the owner pays a ransom. Average consumers and businesses have all been targeted – it’s an indiscriminate attack that is quickly becoming a worldwide epidemic.

Introducing Bad Rabbit

Gaining prevalence in late 2017, one of the most recent forms of ransomware is known as Bad Rabbit. It originated in Russia and Eastern Europe, but quickly found its way to systems all over the world. The fast reaction of IT experts has minimized the damage caused by Bad Rabbit thus far, and most of the attacks have been confined to Russia and Ukraine.

Despite the relatively low number of attacks outside of Russia, developers with Avast Antivirus reported several Bad Rabbit infections within the United States. They explained this in a recent blog post by stating: “While the U.S. and other central and eastern European countries, including Poland and Romania have also been affected, the number of encounters in these countries, including the U.S., were much lower than what we have observed in Russia. However, at the time of writing, we calculate a detection rate of only one percent or less in each of these regions.”

Recovering Files Without Paying a Ransom

According to researchers at Kaspersky, it may be possible to recover data without paying the ransom demanded by Bad Rabbit. It’s a rather complicated process and success isn’t guaranteed – but a flaw within the malware itself can be exploited by a keen user to extract the decryption password needed to regain access.

That might not be the only way to recover your files, although this second method does require a little bit of luck. As stated by the team with Kaspersky: “We have discovered that Bad Rabbit does not delete shadow copies after encrypting the victim's files. It means that if the shadow copies had been enabled prior to infection and if the full disk encryption did not occur for some reason, then the victim can restore the original versions of the encrypted files by the means of the standard Windows mechanism or 3rd-party utilities.”
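One way to check for the shadow copies described above and browse the newest one taken before the infection, using the standard Windows Win32_ShadowCopy class and mklink. This is an added example, not code from Kaspersky or from the original article; the infection time, volume and mount point are assumed values to adjust.

```powershell
# Added example: find Volume Shadow Copies that predate the infection and
# expose the newest one as a folder for file recovery.
# Run from an elevated PowerShell prompt.
# $InfectionTime, $Volume and $MountPoint are assumed values, not from the article.
$InfectionTime = Get-Date '2017-10-24 12:00'   # constructed sample timestamp
$Volume        = 'C:\'
$MountPoint    = 'C:\ShadowRestore'            # must not exist yet, no spaces

# Win32_ShadowCopy records the volume GUID path, so map the drive letter to it.
$volumeId = (Get-CimInstance Win32_Volume |
    Where-Object { $_.Name -eq $Volume }).DeviceID

# Keep only snapshots of this volume created before the infection, newest first.
$snapshots = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeId -and $_.InstallDate -lt $InfectionTime } |
    Sort-Object InstallDate -Descending

if (-not $snapshots) {
    Write-Warning "No shadow copies of $Volume older than $InfectionTime were found."
    return
}

$snapshots | Format-Table InstallDate, ID, DeviceObject -AutoSize

if (Test-Path $MountPoint) {
    Write-Warning "$MountPoint already exists; choose another mount point."
    return
}

# Link the most recent pre-infection snapshot to a directory.
# The trailing backslash on the device path is required for the link to open.
$latest = $snapshots | Select-Object -First 1
$target = $latest.DeviceObject + '\'
cmd /c mklink /d $MountPoint $target

# The snapshot is read-only. Copy what you need to a separate, clean drive,
# then remove the link with: cmd /c rmdir C:\ShadowRestore
```

If the script reports no snapshots, shadow copies were not enabled before the infection and this recovery route is not available on that volume.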

While your chances of recovering data without paying the ransom are slim, these tricks are worth the time and effort involved – especially if you’re trying to restore access to an enterprise or multi-user system. As always, maintaining proper network and data security is your best bet when trying to avoid attacks like this.

Finding Out More

If you’ve fallen victim to Bad Rabbit, or even if you’d just like to learn more information on the malicious program, follow this link to Kaspersky's official blog.

