Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Rabbit Ransomware

Rabbit Ransomware is a screen locker, which means instead of encrypting users files and asking for a ransom in exchange for decryption tools it merely blocks the screen and shows a warning demanding to pay for unlocking the screen. Luckily, it looks like this malicious application is still new and has some flaws. For instance, our researchers were able to extract the screen’s unlock password from the malware’s code. Thus, if the threat locked your screen and you do not want to pay for getting back the control of your computer, we advise reading the rest of the article in which we will mention the code. Soon after removing the malware’s window, we would recommend erasing Rabbit Ransomware at once. Those interested in eliminating the malicious application by themselves should have a look at the deletion instructions located below the text. As for others, we recommend scanning the device with a reliable security tool.

Since the sample we came across was titled Windows Driver Update.exe, we believe Rabbit Ransomware could be distributed with fake updates or other installers. Such files might be spread via malicious pop-ups, untrustworthy file-sharing websites, or even as email attachments. Therefore, if you download any updates or installers make sure they come from legitimate sources. In other words, you should avoid downloading such content from torrent websites, web pages accessed through doubtful pop-ups, file-sharing sites that offer freeware from unknown creators, and sources alike. If you know the downloaded file comes from unreliable sources and you suspect it might be infected, you should scan it with a reliable antimalware tool of your choice. It could take a couple of minutes of your time, but in case the file appears to be harmful, the scan might help you dodge a bullet.

After being launched, Rabbit Ransomware should block the victim’s Task Manager and then lock the screen by displaying a borderless window saying: “Your Windows has been Infected by Rabbit Ransomware!” Also, it ought to demand payment of 0.005 BTC or 0.15 ETH. These are two different cryptocurrencies and at the moment of writing both of the sums are equal for about 23 US dollars. The sum might seem insignificant considering it could give you back access to your computer, but our researchers say there is a way to unlock the screen without paying the cybercriminals. The sample’s we tested password for unlocking the screen was “RabbCompany66” without the quotation marks. If you encountered the same version of Rabbit Ransomware as we did, your screen should be unblocked after you enter the mentioned passcode into the provided box located on the malicious application’s window. Keep it in mind that restarting the computer will not help as the threat auto-starts with Windows.

In case the mentioned password (RabbCompany66) does not work, you should move to the next step which is deleting Rabbit Ransomware from the system. Our researchers say the malware creates a Registry entry called DisableTaskMgr in the HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System directory to block the user’s Task Manager. Without the mentioned tool it is impossible to kill the malicious application’s process and to erase it. Nonetheless, users can restart the computer in Safe Mode with Networking. This way they can eliminate all data associated with the threat manually, and as they reset the computer normally, the malware should not relaunch.

Another way to get rid of Rabbit Ransomware is to restart the device in Safe Mode with networking and then download a reliable antimalware tool. Once it is installed, you should perform a full system scan to locate the malicious application and other possible threats. Later on, the tool should let you remove all detections at the same time by pressing its provided deletion button. If you need further assistance with the malware’s removal or have any questions about it, you should not hesitate to leave us a comment below the instructions.

Restart the computer in Safe Mode

Windows 8/Windows 10

  1. Tap Win+I for Windows 8 or open Start menu for Windows 10.
  2. Press the Power button.
  3. Click and hold Shift then click Restart.
  4. Pick Troubleshoot and choose Advanced Options.
  5. Go to Startup Settings and click Restart.
  6. Press F5 and restart the PC.

Windows XP/Windows Vista/Windows 7

  1. Navigate to Start, select Shutdown options and pick Restart.
  2. Press and hold F8 when the PC starts restarting.
  3. Mark Safe Mode with Networking.
  4. Select Enter and log on.

Eliminate Rabbit Ransomware

  1. Click Win+E.
  2. Find these locations:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  3. Look for the threat’s installer, then right-click it and press Delete.
  4. Exit File Explorer.
  5. Press Win+R.
  6. Type Regedit and press Enter.
  7. Go to this path: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
  8. Locate a value name called DisableTaskMgr, right-click it and press Delete.
  9. Navigate to: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  10. Search for a value name belonging to the malware, e.g., Windows_Service, right-click it and press Delete.
  11. Empty Recycle bin.
  12. Restart the system.
Download Spyware Removal Tool to Remove* Rabbit Ransomware
  • Quick & tested solution for Rabbit Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.