How to remove Bad Rabbit virus and restore encrypted files

Bad Rabbit ransomware virus

Bad Rabbit ransomware has penetrated many computers around the world via a basic method: fake e-mails with infected attachments. Occasionally scammers use exploits to penetrate the system, but these are quickly patched. Once the infection is complete, the ransomware inspects the computer's memory to find the files to be encrypted and their approximate value. Today, every modern virus knows how to encrypt video, image, audio and text data in all popular formats. Particular attention is paid to business information, since businesses are the main target for hackers. Bad Rabbit targets only data and doesn't affect the software, so that the victim can still use the computer to make the payment. The encryption is done with well-known algorithms, and its complexity is so high that it can't be brute-forced. This is the basis for the striking effectiveness of this kind of virus in recent years: an ordinary user, even one with very good knowledge of the PC, will never be able to restore the files and will be forced to pay the price. The only way to decrypt the files is to find the fraudster's site and retrieve the master key. There is also a way to obtain the keys through defects in the code of the virus itself. The ransomware asks for 300 dollars for data restoration.

This article is dedicated to the Bad Rabbit virus, which penetrates users' machines in all countries of the world and encrypts their files. We've gathered important information about what Bad Rabbit is and how to uninstall it from your laptop. Furthermore, we'll explain how to get back the corrupted data, and whether that is possible.

Computer knowledge is quite important in our century, as it helps users defend their PCs from computer viruses. For encrypting viruses this matters most, because, in contrast to regular viruses, when you uninstall ransomware from the system, the results of its work remain. It's very easy to decrease the chances of getting ransomware if you follow these principles:

    • Pay attention to dialog boxes. If the machine is penetrated by ransomware, it will try to remove the shadow copies of the files to make recovery less likely. However, deleting the copies requires admin rights and confirmation from the operator. If you stop for a moment before accepting the pop-up, it might save your data and your time.
    • Be careful with e-mails that contain files. A very effective model of fraudulent message is a notification about winning a prize or receiving a package. You should also keep an eye on business correspondence, especially if you don't know the sender and aren't sure what's inside. Lawsuits, invoices for products and services, summaries, appeals and similar specific files aren't sent by accident, and you should, at a minimum, know the person who sent them. Otherwise, it is a scam.
    • Keep an eye on the performance of your laptop. Encrypting the information consumes a lot of CPU power. If you notice an abnormal decline in computer performance or an unknown process in the Process Manager, you should switch off the laptop, start it in safe mode, and run the antivirus. If the machine really is infected, this will save a lot of your information.

Malware deletion isn't the happy end: it's only the first of many steps toward complete data restoration. If you remove the ransomware, you won't get the files back instantly; that requires the additional measures described in the "How to restore encrypted files" section. To eliminate any virus, you have to boot the workstation in safe mode and run a scan with an antivirus tool. We don't recommend uninstalling ransomware manually, because it has various protection mechanisms that could work against you. The most efficient ransomware defensive technique is the removal of data in the event of a file decryption or Bad Rabbit removal attempt. To avoid this, follow the tips below.

Removal instruction

Step 1. Boot into Safe mode

Start -> Msconfig.exe

On the Boot tab, select Safe boot

Step 2. Check Startup folder

Start -> Msconfig.exe -> Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify the hosts file, which is located in C:\Windows\System32\drivers\etc\.

Open the file with Notepad and delete suspicious strings.

It has to look like this:

[Image: hosts file, step 3]

Step 4. Scan the system with an antivirus scanner


Step 5. Disable Safe mode

Start -> Msconfig.exe -> Disable Safe boot in the Boot tab
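
The checks in Step 2 and Step 3 can also be reviewed from a PowerShell prompt. The script below is an added example, not part of the original instructions: it only reads and lists, and its variable names and the "Review" column are illustrative choices.

```powershell
# Read-only review for Step 2 (startup programs) and Step 3 (hosts file).
# Nothing is changed; the output is for a person to inspect.

# Step 2: programs registered to start at logon (Run keys and Startup folders).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap

# Step 3: keep only active hosts entries (skip blank lines and comments).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$loopback  = @('127.0.0.1', '::1')

$entries = foreach ($line in Get-Content -LiteralPath $hostsPath) {
    $text = ($line -split '#', 2)[0].Trim()        # strip trailing comment
    if (-not $text) { continue }
    $fields = $text -split '\s+'
    if ($fields.Count -lt 2) { continue }          # address without a host name
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        [pscustomobject]@{
            Address  = $fields[0]
            HostName = $name
            # A stock Windows hosts file has no active lines, so anything
            # other than a loopback "localhost" mapping is marked for review.
            Review   = -not ($fields[0] -in $loopback -and $name -eq 'localhost')
        }
    }
}

# A recent modification time is worth noting alongside unexpected entries.
"hosts last modified: $((Get-Item -LiteralPath $hostsPath).LastWriteTime)"
if ($entries) { $entries | Format-Table -AutoSize } else { 'hosts file has no active entries.' }
```

An entry marked for review is not necessarily malicious, since legitimate software also adds hosts mappings; it is a line to identify before deciding whether to delete it in Notepad.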

After eliminating the ransomware from the system, you should recover the encrypted data. It's impossible to decipher the data, but we'll recover it using OS functionality and special programs. There are a few chances, but file restoration usually needs lots of time and money. If you are more interested in recovering the information on your own, read this entry, which describes all the most effective methods.

To restore information, follow the article about file decryption.
