Bad Rabbit ransomware Vaccine to prevent

Posted on Nov 17, 2017

Towards the end of last month we blogged bout a nasty new ransomware variant called Bad Rabbit.   This is an animal you don’t want to see in your clinic or hospital.  But there is a cure to this new nasty threat.  Below is how you can put in a vaccine to prevent this malware from infecting your systems and holding you hostage to your own data.

 

We also have an automated way of rolling this out if interested. Just use the Contact Us above and we would be happy to help.  Or pass along this information to your managed IT service to assure they get this in place to protect your practice.  If you are a customer of ours, we have already rolled out this vaccine to prevent.

 

First, create these two files in c:\windows:

 

infpub.dat
cscc.dat

 

You can do that really quickly by starting cmd.exe as an admin:

image4.png

Then type the following commands:
echo “” > c:\windows\cscc.dat&&echo “” > c:\windows\infpub.dat

 

Next, remove all their permissions by right clicking each file and selecting properties:

image7.png

 

Then select the security tab:

image3.png

 

Now click advanced, opening the following window:

image2.png

 

Click change permissions, opening the following window:

image5.png

 

Then, uncheck the “Include inheritable permissions from this object’s parents” box.
After you do that, the following window will pop up. Click “remove”.

image6.png

 

You are now done. Remember to perform this action for the two files you created.

 

If you are running Windows 10, repeat the same steps but instead of unchecking the inheritance box, click the “disable inheritance button”:

image8.png

 

And then select “Remove all inherited permissions from this object”:

image1.png

 

Leave a Reply

Your email address will not be published. Required fields are marked *