Last active
September 17, 2021 16:00
-
-
Save bantya/f1796317490cbc8d1264565245488e97 to your computer and use it in GitHub Desktop.
bat: Stop BadRabbit Ransomeware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| :: This is not my code, the BadRabbit Ransomeware was posted on a following video: | |
| :: https://www.youtube.com/watch?v=Y6WOpE92vKc | |
| :: Idea for Petya Ransomeware was given on: | |
| :: https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/ | |
| :: I just made this to make it available easily. | |
| :: For BadRabbit | |
| type NUL > %windir%\cscc.dat | |
| type NUL > %windir%\infpub.dat | |
| icacls "%windir%\cscc.dat" /inheritance:r /remove Administrators | |
| icacls "%windir%\infpub.dat" /inheritance:r /remove Administrators | |
| :: For Petya/NotPetya/SortaPetya | |
| type NUL > %windir%\perfc.dll | |
| type NUL > %windir%\perfc.dat | |
| type NUL > %windir%\perfc | |
| icacls "%windir%\perfc.dll" /inheritance:r /remove Administrators | |
| icacls "%windir%\perfc.dat" /inheritance:r /remove Administrators | |
| icacls "%windir%\perfc" /inheritance:r /remove Administrators |
Hi, thanks for this script! I took the liberty of using and updating this and uploaded it all as an independent repository at https://github.com/Phoenix1747/ransom-prevention hope this is ok for you 😃
Thanks @pquerner for the %windir% suggestion.
And @Phoenix1747, its perfectly OK for me. I too used someone else's idea and modified it.
👍
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This assumes Windows is installed on C drive. Maybe the Systemvariable %windir% can be used instead to help cases where this is not the case.