

Petya ransomware: How to make sure you're safe

#1


A month ago, it was the "WannaCry" ransomware wreaking havoc over the internet, and now this month another ransomware exploit is rapidly expanding all over Europe which started with companies in Ukraine. The new ransomware is known as "Petya", which uses the same SMBv1 exploit that WannaCry uses to rapidly replicate throughout network systems, but holds infected computers hostage in a significantly different way.

Petya does not encrypt files one by one in its attempt to elicit those Bitcoin payments, like WannaCry does, but uses an even more egregious method:

Quote: Instead, Petya reboots victims' computers and encrypts the hard drive’s master file table (MFT), rendering the master boot record (MBR) inoperable and restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. Petya replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.

Microsoft issued a series of patches for this type of exploit back in April, including taking the unusual step of patching the unsupported Windows XP operating system. So if you're always up-to-date, you should be okay and not have to worry about a thing. However, the company also recommends removing the unused but vulnerable SMBv1 file sharing protocol from your systems.

What is SMB File Sharing?

Quote: SMB 1.0/CIFS File Sharing Support - this feature enables the sharing of files and printers with computers running older versions of Windows, ranging from Windows NT 4.0 up to Windows XP and Windows Server 2003 R2. The Server Message Block (SMB) protocol may be used by other operating systems like Linux or OS X to communicate with Windows devices.

Other than that, it is rather pointless and not needed by the average user. Want to disable it? Here's how you do it.

For Windows 10 and Windows 8.1:
  1. Open the Control Panel (search for it with Cortana)
  2. Click Programs and Features
  3. In the left-hand column, click Turn Windows Features on or off
  4. Scroll down to SMB 1.0/CIFS File Sharing Support
  5. Uncheck it, and reboot

Running an older version of Windows? Please check this Microsoft page for more details on disabling it on Windows 7.


Stay safe out there!
- Atlas Industries, Suraf

Brought to you by Atlas Security
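
The Control Panel steps in the post above can also be checked and applied from an elevated PowerShell prompt. This is an added example, not part of the original post; the function name `Invoke-Smb1Hardening` is hypothetical, and it assumes Windows 8.1 or Windows 10 with the built-in DISM and SmbShare cmdlets available.

```powershell
# Added example: report SMBv1 state and optionally remove it.
# Must be run as Administrator. Function name is hypothetical.
function Invoke-Smb1Hardening {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Disable   # without this switch the function only reports
    )

    # The "SMB 1.0/CIFS File Sharing Support" entry from Windows Features.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    # Whether the local file-sharing service still accepts SMBv1 connections.
    $server  = Get-SmbServerConfiguration

    $report = [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        FeatureState      = [string]$feature.State
        ServerSmb1Enabled = $server.EnableSMB1Protocol
        RebootNeeded      = $false
    }

    if ($Disable) {
        # Stop the SMB server from negotiating SMBv1 right away.
        if ($server.EnableSMB1Protocol -and
            $PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            $report.ServerSmb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        }
        # Equivalent of unchecking the feature; takes effect after a reboot.
        if ($feature.State -eq 'Enabled' -and
            $PSCmdlet.ShouldProcess('SMB1Protocol feature', 'Remove')) {
            $result = Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
            $report.RebootNeeded = $result.RestartNeeded
            $report.FeatureState = [string](Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
        }
    }
    $report
}

Invoke-Smb1Hardening                    # report only, changes nothing
# Invoke-Smb1Hardening -Disable -WhatIf # preview what would change
# Invoke-Smb1Hardening -Disable         # apply, then reboot when convenient
```

After the reboot, running the report again should show `FeatureState` as `Disabled` and `ServerSmb1Enabled` as `False`.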

#2

Superb detail, and very helpful for those wondering about the dangers of this.
I thank you for taking the time to share this with us!


Create a brighter future
"To live a creative life, we must first lose our fear of being wrong"
#3

(07-07-2017, 08:38 AM)katos Wrote: Superb detail, and very helpful for those wondering about the dangers of this.
I thank you for taking the time to share this with us!

Not a problem! :p