How to remove bad rabbit ransomware

Bad Rabbit was the name given to a ransomware attack performed in October 2017. It encrypted files and installed a modified boot loader on PCs, preventing them from booting properly. It then demanded a ransom.

What is Bad Rabbit ransomware?

Bad Rabbit arrived in late 2017, hard on the heels of the infamous WannaCry ransomware, and another attack known as ExPetr. It was reported that it used a Windows exploit known as EternalRomance to move along a local network and attack computers connected to it. 

However, other reports suggested that no exploits were used and that it spread via drive-by downloads from infected websites. Those websites were compromised by having JavaScript injected into their HTML body or a .js file. The targeted sites were thought not to be random but chosen deliberately. 

Similarly to WannaCry, large corporate sites were targeted, but in the case of Bad Rabbit, it appeared that media organizations in Russia and Ukraine were a specific target. Bad Rabbit was able to spread quickly by using a list of weak usernames and passwords to launch brute-force attacks on the chosen sites.

Hacked websites displayed messages claiming a user’s Flash Player was out of date, along with a link to an installer. When the user clicked the link, the ransomware was installed on their computer. 

Once the ransomware encrypted files, users were directed to a Tor payment page shown a warning telling them that their files were encrypted and that they would have to pay a ransom in Bitcoin to get the encryption key. A countdown timer, starting at 40 hours, was also displayed, and users were told that if they didn’t pay by the time the timer got to zero, the price would go up.

Bad Rabbit ransomware

How can I protect my Mac against Bad Rabbit

The good news is that the Bad Rabbit ransomware attacks were now a few years ago and they only affected PCs. However, there are other ransomware attacks and other malware that do affect Macs and you should be just as vigilant about protecting yourself from those.

  • Install an anti-malware tool to scan your Mac regularly (we recommend CleanMyMac X).
  • Don’t click on any link on the pop-up windows on a website.
  • If you must use Flash Player, only ever update it from Adobe’s website.
  • Don’t click on a link in an email unless you are sure where it leads. 
  • Don’t download software from free download sites that use their own download manager.
Did you know?

The hackers behind Bad Rabbit seem to have been fans of Game of Thrones, either the books or the TV series. The ransomware code contains references to Viserion, Drogon, and Rhaegal – dragons who are featured in the books and TV series.

Signs a computer has been affected by Bad Rabbit

As we said above, Bad Rabbit hit Windows PCs and so macOS was unaffected. However, if you use Boot Camp to run Windows on your Mac, it could possibly be affected – though given that it seems to have been targeted, it’s unlikely.

The clear sign that a computer is affected by Bad Rabbit is the demand for a ransom, with the headline ‘Bad Rabbit’ above it.

How to get rid of ransomware on your Mac

Sadly, by the time you discover you have ransomware on your Mac, it may already be too late. If it has encrypted files or locked access to your boot drive, there’s little you can do without the encryption key. However, you shouldn’t pay the ransom. Doing so will mark you as a target for future attacks. And just because you can do little about a ransomware attack once it’s happened, doesn’t mean that you shouldn’t scan your Mac for other types of malware. In fact, it’s more reason to do so, as if you’ve been attacked once, you may have been targeted previously.

The solution is to scan your Mac using an anti-malware tool. There are several available for the Mac, both free and paid. We recommend CleanMyMac X. CleanMyMac X is notarized by Apple, which means it’s safe software for your Mac. 

It can protect your Mac in real-time, keeping you informed in case of anything suspicious. And you can also use it to scan your Mac for malware at the push of a button. Better still, CleanMyMac X has several modules to clean up your Mac and get rid of junk files, helping it run more smoothly and more quickly.

Here’s how to use CleanMyMac X to protect your Mac. 

  1. Download, install, and launch CleanMyMac X.
  2. Click on the CleanMyMac menu and choose Preferences.
  3. Select the Protection tab.
  4. Check the box next to ‘turn on real-time protection’
  5. Close Preferences.
  6. Choose the Malware Removal module in the sidebar.
  7. Malware removal module of CleanMyMacX
  8. Press Scan.
  9. If CleanMyMac reports that it has found malware, press Remove to get rid of it.

That’s it! That’s all you need to do to protect your Mac with CleanMyMac X. It will now run in the background, scanning your Mac and comparing what it finds with its regularly-updated database of known malware. If it finds anything, it will let you know and offer to remove it.

Bad Rabbit was the name given to a ransomware attack in late 2017 that seemed to have been targeted at large Russian media organizations, but that also hit computers in Ukraine, Poland, Turkey, Germany, Bulgaria, and South Korea. It encrypted files, prevented PCs from booting properly, and demanded a ransom for the encryption key. Although the attack described happened some time ago and only PCs were involved, it doesn’t mean that macOS is always protected. But, you can eliminate the risks by using powerful software like CleanMyMac X, which conducts regular scans to detect any threat on your Mac. 

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.