Some users may be able to recover the files encrypted by the Bad Rabbit ransomware without paying the ransom, Kaspersky researchers discovered after analyzing the malware’s encryption functionality.
Once it infects a device, Bad Rabbit looks for certain file types and encrypts them. The disk is also encrypted and a ransom screen is displayed when the computer boots, preventing the victim from accessing the operating system. The disk encryption and bootloader functionality are provided by code derived from a legitimate utility named DiskCryptor.
