New Rabbit ransomware Reading Time: 2 minutes

Threat Lab Alert for October 27, 2017: Bad Rabbit is in Season

A new ransomware threat called “Bad Rabbit” (or BadRabbit) was analyzed today by the Comodo Threat Intelligence Lab’s malware analysts. This new threat penetrates systems as an “unknown file” and can quickly deliver its ransomware malware payload, which triggers encryption of the machine’s data upon the restart of the machine.

rabbit ransomeware

Watch a computer attacked with this new threat

Upon a forced second restart the ransom demand is made, with instructions for payment and the promise of a decryption service to be performed after payment submission. Here is the ransom screen:

ransomware screen

The ransom demand is in bitcoins. As with other ransomware, the guarantee of decryption by the hacker organization upon payment is far from guaranteed.

“New ransomware attacks like this utilize the window of time between when the new malware is first discovered and when a new virus signature or patch can be created and deployed by the many anti-malware vendors.” said Fatih Orhan, head of the Comodo Threat Intelligence Lab and Comodo Threat Research Labs (CTRL). “It appears as an unknown file at the endpoint, can trick machine learning-based A.I. tools, and is allowed to enter and infect the system with devastating results. I strongly encourage CISOs to reevaluate their “default allow” security posture and to evaluate next generation auto-containment and other isolation technologies which protect against new threats like Bad Rabbit.”

See now how this threat is met by an EPP (endpoint protection platform) using auto-containment for unknown files and other new threats:

bad rabbit auto containment

BadRabbit Auto-containment

This solution in the above video (Comodo Advanced Endpoint Protection (or AEP for short)) enables an organization to deny actual system entry to unknown files until they are fully analyzed and declared safe for use on the system. It does however, allow the user to open and interact with it inside the container while the various analyses are conducted. This enables both the “default-deny security posture” recommended by experts and the “default-allow usability and productivity” desired by employees and non-cybersecurity staff.

For more about the Comodo Threat Intelligence Lab, visit and to learn more about auto-containment and AEP, visit here now.

NOTE FOR MEDIA INQUIRIES: If you’d like to speak with the Comodo Threat Intelligence Lab’s experts on BadRabbit or related threats and technologies, please contact: