Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
bat: Stop BadRabbit Ransomeware
@echo off
:: This is not my code, the BadRabbit Ransomeware was posted on a following video:
:: Idea for Petya Ransomeware was given on:
:: I just made this to make it available easily.
:: For BadRabbit
type NUL > %windir%\cscc.dat
type NUL > %windir%\infpub.dat
icacls "%windir%\cscc.dat" /inheritance:r /remove Administrators
icacls "%windir%\infpub.dat" /inheritance:r /remove Administrators
:: For Petya/NotPetya/SortaPetya
type NUL > %windir%\perfc.dll
type NUL > %windir%\perfc.dat
type NUL > %windir%\perfc
icacls "%windir%\perfc.dll" /inheritance:r /remove Administrators
icacls "%windir%\perfc.dat" /inheritance:r /remove Administrators
icacls "%windir%\perfc" /inheritance:r /remove Administrators
Copy link

pquerner commented Nov 10, 2017

This assumes Windows is installed on C drive. Maybe the Systemvariable %windir% can be used instead to help cases where this is not the case.

Copy link

Phoenix1747 commented Nov 11, 2017

Hi, thanks for this script! I took the liberty of using and updating this and uploaded it all as an independent repository at hope this is ok for you 😃

Copy link

bantya commented Jan 21, 2018

Thanks @pquerner for the %windir% suggestion.
And @Phoenix1747, its perfectly OK for me. I too used someone else's idea and modified it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment