
Watch out for the Bad Rabbit


The latest ransomware threat to the corporate world is called “Bad Rabbit”. It can have considerable and damaging effects, but protecting your organization is fairly straightforward.

The number of ransomware attacks continues to grow, and these in turn continue to affect businesses and individuals.

In this NNIT Security Insights article, we take a look at the latest such version, called Bad Rabbit, and provide some tips as to what protection steps businesses can take.

What is Ransomware?

Ransomware is a type of malicious software that threatens to publish data or permanently block access to it unless a ransom is paid.  We wrote about this in an earlier article entitled Ransomware 101.

Why the increasing focus on Ransomware in 2017?

Whilst Ransomware was originally mainly an issue for individuals and their home PCs, attacks are focusing more and more on organizations, and this is resulting in large parts of their IT systems being taken offline.

Examples from this year include the WannaCry variant, which occurred in May 2017, and the NotPetya variant, which occurred in June 2017.  Both of these variants used an exploit known as EternalBlue in order to propagate across a network’s PCs and servers, and both affected the business operations of a number of major organizations.

So what is Bad Rabbit?

Bad Rabbit was first seen in October 2017, and this ransomware variant encrypts a user’s computer or server file tables, which causes the device to stop working.  It is believed that the variant was distributed through a bogus multimedia software update, with affected users becoming victims whilst they browsed malware-infected websites.

The ransomware poses a threat because it is widespread, and because it has the ability to spread over the network when a device has been infected.  In addition, if the malware gets into a network, it can cause severe damage within a short amount of time.

After it has infected the initial machine in a network, the malware scans the internal network for open SMB shares with a specific name. The threat relies on a post-exploitation tool to harvest credentials, but it also includes a hardcoded list of usernames and passwords.  It does not utilize the EternalBlue exploit used in WannaCry and NotPetya, requires user interaction, and in general does not seem as widespread as NotPetya or WannaCry.
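
A defender's view of the spreading behaviour described above, as an added example that is not part of the original article: it flags an internal host that contacts many peers over SMB (TCP 445) while failing logons with several different account names inside a short window. The log format, addresses, account names and thresholds are constructed assumptions, not values taken from the malware.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry), one per line:
# timestamp, source, destination, destination port, logon outcome, account tried
SAMPLE_LOG = """\
2017-11-01T10:00:01 10.0.0.23 10.0.0.5 445 fail acct1
2017-11-01T10:00:02 10.0.0.23 10.0.0.6 445 fail acct2
2017-11-01T10:00:03 10.0.0.23 10.0.0.7 445 fail acct3
2017-11-01T10:00:04 10.0.0.23 10.0.0.8 445 fail acct4
2017-11-01T10:00:05 10.0.0.23 10.0.0.9 445 ok acct1
2017-11-01T10:00:06 10.0.0.40 10.0.0.5 445 ok alice
2017-11-01T10:07:00 10.0.0.40 10.0.0.5 445 fail alice
2017-11-01T10:09:00 10.0.0.41 10.0.0.5 443 fail bob
"""

def parse_events(log):
    """Yield (time, src, dst, port, outcome, user) tuples from the log text."""
    for line in log.splitlines():
        ts, src, dst, port, outcome, user = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port), outcome, user

def smb_spread_suspects(log, window=timedelta(minutes=5), min_hosts=4, min_users=3):
    """Return {source: (distinct SMB targets, distinct failed accounts)} for every
    source that exceeds both thresholds inside a single sliding time window."""
    per_src = defaultdict(list)
    for ts, src, dst, port, outcome, user in parse_events(log):
        if port == 445:  # SMB traffic only
            per_src[src].append((ts, dst, outcome, user))
    suspects = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            in_win = events[start:end + 1]
            hosts = {e[1] for e in in_win}
            users = {e[3] for e in in_win if e[2] == "fail"}
            if len(hosts) >= min_hosts and len(users) >= min_users:
                suspects[src] = max(suspects.get(src, (0, 0)), (len(hosts), len(users)))
    return suspects

if __name__ == "__main__":
    print(smb_spread_suspects(SAMPLE_LOG))
```

A single user mistyping a password against one file server stays below both thresholds; the combination of many targets and many account names is what separates automated spreading from ordinary logon noise.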

How bad is Bad Rabbit?

Whilst the effects of Bad Rabbit can be pretty bad due to the previously mentioned encrypted PC and server file tables, the prevention systems typically deployed in an organization are now largely able to detect the malware before a successful attack can occur.  Similarly, the websites used for distribution of the variant have largely been updated, reducing the likelihood of infections.

Prevention Steps

Here are a few tips on how to improve protection against ransomware:

• Remove local administrator access rights from PCs and servers, to prevent users from inadvertently installing the malware.
• Update antivirus solutions with the latest signature aimed at protecting against this version of the ransomware.  If you have this service provided through NNIT, this has already been done.
• Inform employees about the situation and advise them to use caution if visiting websites that prompt them to install Flash Player.
• Raise security awareness across the organization regarding online security
• Implement access control on network drives to reduce the likelihood of a single infected user PC causing widespread disruption across the business’s network drives
• Implement standard system patching processes to ensure that all systems, software, PCs and servers are patched for known vulnerabilities.

Mitigation Activities

It is difficult to avoid getting hit by any kind of malware at some point, and therefore effective incident response is crucial to ensure fast reaction by the organization in the event of an outbreak.  In order to minimize the impact to the business following such an event, include the following mitigating actions:

• Develop a specific security incident response process for ransomware incidents to ensure a step-by-step response is in place to quickly respond to and resolve incidents
• Review business continuity processes to ensure prompt recovery and / or alternative working arrangements during recovery
• Review, update and test system backup and restore processes to ensure that backup files can be promptly restored in the event of an outbreak, minimizing the impact to the business


About the Author

John Clayton is an IT Management Consultant and Cybersecurity Specialist with more than 20 years’ experience in IT and Management Consulting, and with roles bridging Business and IT.

About NNIT Security Insights

NNIT Security Insights is a regular column where prominent NNIT IT security advisors share their thoughts on current and future IT security challenges and how to deal with them.

NNIT’s Cyber Defense Center has the necessary competencies in-house to respond and assist.  We have also developed a range of services that can help businesses to achieve the right level of security protection to protect the business from financial and reputational damage. 

You are welcome to contact us at if you want to know more about how NNIT can help your business increase its security level.



Helge Skov Djernes, Information Security Management Consultant, +45 30758868, hfsd@nnit.com


