Bad Rabbit Ransomware – How to protect your clinic or hosptial

Posted on Oct 25, 2017

We are seeing reports of a new Ransomware attack called Bad Rabbit based on prior NotPetya attack this past June.  It is a variant that has spread from Russia and the Ukraine to countries worldwide – including the United States.

 

There are ways to assure your clinic or hospital is protected. First assure you have the latest Microsoft patches installed on your machine. Specifically the one released in March of 2017 that fixes a known issue that allows this to spread itself across the network.  For those clinics and hospital on our IT Wellness Plans, you are already protected!

 

As always check your backups and assure they are good and recent just in case something gets through you have something to fall back to. (i.e. not pay the ransom).  If you are making backups to USB attached hard drives, be careful as the Ransomware can attack your backups leaving you no choice but to pay the ransom!  We recommend using a more secured approach of a network device that is password protected so Ransomware can’t infect.

 

There is a Vaccine to protect customers from Bad Rabbit that we will be deploying to all managed clinics and hospitals to assist them with trying to stop this thing from infecting machines. This is fairly technical so you may want to pass this along to your IT provider to assure they get this fix in place for your workstations and servers.

 

Last be aware that this is infecting machines by prompting users to update their Adobe Flash software.  It is a fake flash update prompt and highly recommend educating your employees to be on the lookout for this type of prompt and to NOT click anything, reboot the machine and report the issue to your IT person as soon as possible.  We maintain our clinics and hospitals Adobe Flash with automated scripts and you should not be seeing any updates to Flash.  Again don’t click “No” or any prompts as the programming language is most likely built to install itself no matter what you choose – Getting the malware/ransomware on the machine is the goal for these bad guys.

 

Hope this is helpful and if you are needing any assistance assuring your clinic or hospital is protected, please contact Joseph Axne at 303-520-3733 x9010 or use the “Contact” link above.  We would be happy to assist.

 

Sean Fetter, our Network Admin wanted me to post usernames and passwords Bad Rabbit uses for self-replication.  If you use any of these usernames or passwords, highly suggest you change as these are common and scary how common we see passwords like these.

 

Usernames:

  • Admin
  • Administrator
  • alex
  • asus
  • backup
  • boss
  • buh
  • ftp
  • ftpadmin
  • ftpuser
  • Guest
  • manager
  • nas
  • nasadmin
  • nasuser
  • netguest
  • operator
  • other user
  • rdp
  • rdpadmin
  • rdpuser
  • root
  • superuser
  • support
  • Test
  • User
  • User1
  • user-1
  • work

Passwords:

  • 111111
  • 123
  • 123321
  • 1234
  • 12345
  • 123456
  • 1234567
  • 12345678
  • 123456789
  • 1234567890
  • 321
  • 55555
  • 777
  • 77777
  • Admin
  • Admin123
  • admin123Test123
  • Administrator
  • administrator
  • Administrator123
  • administrator123
  • adminTest
  • god
  • Guest
  • guest
  • Guest123
  • guest123
  • love
  • password
  • qwe
  • qwe123
  • qwe321
  • qwer
  • qwert
  • qwerty
  • qwerty123
  • root
  • secret
  • sex
  • test
  • test123
  • uiop
  • User
  • user
  • User123
  • user123
  • zxc
  • zxc123
  • zxc321
  • zxcv

Leave a Reply

Your email address will not be published. Required fields are marked *