Researchers from two separate IT security firms have independently verified that the “Bad Rabbit” and “Backswing” ransomware are connected.  The Backswing framework, in existence since 2016 and responsible for a widespread breakout of payloads delivering crypto-locking viruses across the globe.  This same framework has been utilized to contract the “Bad Rabbit” payload by simply redirecting the URL the payload is delivered.  Some of these payloads are have a more sinister goal than simply financial gain – such as a foreign state sponsor looking to hack government and financial institutions.

As for the “Bad Rabbit” ransomware itself, Kaspersky Labs uncovered a number of flaws in the “Bad Rabbit” virus that could give victims an opportunity to get there data back without having to shell out the ransom.  Although early reports of the encryption key being leaked by the source of the ransomware were false; Kaspersky did find a flaw in the code in which the ransomware does not wipe the generated password from the destination storage.  This leaves a slim chance that it can be extracted before the process is completed.

The best protection from any virus, malware, or ransomware is to ensure your systems are updated regularly; security best practices are adhered to, and all systems have active and up to date Anti-Virus/Anti-Malware software running.   Cadan Managed Services delivers full protection for your IT systems and networks; ensuring your organization is protected against malicious viruses, malware, and ransomware.

Can Data be Recovered from the “Bad Rabbit” Ransomware?