How to protect yourself against Bad Rabbit ransomware
News broke earlier about the spread of a new form of ransomware going by the name of Bad Rabbit. It name-drops Game of Thrones and bears more than a passing resemblance to WannaCry and Petya.
While the main impact of Bad Rabbit has been felt in Eastern Europe, some instances of the ransomware have also been detected in the US. Thankfully, it's relatively easy -- and free -- to protect your computer. By simply tweaking a couple of files, you can stop the ransomware in its tracks.
The trick was discovered by security researcher Amit Serper, who shared his tip on Twitter. Serper, who works at Cybereason, explains that all you need to do is create two files (c:\windows\infpub.dat and c:\windows\cscc.dat) and remove all permissions from them. This means that even if you come into contact with Bad Rabbit, it will not be able to work its magic.
I can confirm - Vaccination for #badrabbit:
Create the following files c:\windows\infpub.dat && c:\windows\cscc.dat - remove ALL PERMISSIONS (inheritance) and you are now vaccinated. :) pic.twitter.com/5sXIyX3QJl
— Amit Serper (@0xAmit) October 24, 2017
This technique has been confirmed as working by other security researchers, but Kaspersky suggests disabling the WMI service to prevent the spread of Bad Rabbit over a network.
To do this, use the following steps:
- Press the Windows key and R simultaneously, type services.msc and press Enter.
- Locate the Windows Management Instrumentation entry, right-click it and select Properties.
- Click the Stop button to stop the service, and from the Startup type drop-down menu select Disabled before clicking OK.
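
Both mitigations described above can also be scripted. The following is an added example, not code from Serper, Kaspersky or this article. It assumes an elevated PowerShell session; the `-DisableWmi` switch name is made up for this example, and `Winmgmt` is the service name behind the Windows Management Instrumentation entry.

```powershell
#Requires -RunAsAdministrator
# Added example: creates the two vaccine files and strips their permissions.
param(
    [switch]$DisableWmi   # hypothetical switch name: also apply the WMI step
)

# File paths as given in the article.
$vaccineFiles = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

foreach ($path in $vaccineFiles) {
    if (Test-Path -LiteralPath $path) {
        # A file that is already present may be the real payload rather than
        # a vaccine, so leave it untouched for investigation.
        Write-Warning "$path already exists; inspect it before changing its ACL."
        continue
    }

    New-Item -ItemType File -Path $path | Out-Null

    $acl = Get-Acl -LiteralPath $path
    # Turn off inheritance ($true) and discard the inherited entries ($false).
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit entries as well, leaving an empty access list.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    Set-Acl -LiteralPath $path -AclObject $acl

    # Report the result: a vaccinated file shows zero access entries.
    [pscustomobject]@{
        Path          = $path
        AccessEntries = @((Get-Acl -LiteralPath $path).Access).Count
    }
}

if ($DisableWmi) {
    # Same effect as the services.msc steps: stop the service, then disable it.
    # -Force is needed because other services depend on Winmgmt.
    Stop-Service -Name Winmgmt -Force
    Set-Service  -Name Winmgmt -StartupType Disabled
}
```

Other services and management tools depend on WMI, so check what stops along with it before applying the `-DisableWmi` step across a fleet.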