Suraf

Petya ransomware: How to make sure you're safe


A month ago, it was the "WannaCry" ransomware wreaking havoc over the internet, and now this month another ransomware exploit is rapidly expanding all over Europe which started with companies in Ukraine. The new ransomware is known as "Petya", which uses the same SMBv1 exploit that WannaCry uses to rapidly replicate throughout network systems, but holds infected computers hostage in a significantly different way.

Petya does not encrypt files one by one in its attempt to elicit those Bitcoin payments, like WannaCry does, but uses an even more egregious method:

Quote

Instead, Petya reboots victims' computers, encrypts the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. Petya replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.

Microsoft issued a series of patches for this type of exploit back in April, including taking the unusual step of patching the unsupported Windows XP operating system. So if you're always up-to-date, you should be okay and not have to worry about a thing. However, the company also recommends removing the unused but vulnerable SMBv1 file sharing protocol from your systems.

What is the SMB File Sharing?

Quote

SMB 1.0/CIFS File Sharing Support - this feature enables the sharing of files and printers with computers running older versions of Windows, ranging from Windows NT 4.0 up to Windows XP and Windows Server 2003 R2. The Server Message Block (SMB) protocol may be used by other operating systems like Linux or OS X to communicate with Windows devices.

Other than that, it is rather pointless and not needed for the average user. Want to disable it? Here's how you do it.

For Windows 10 and Windows 8.1

  1. Open the Control Panel (search for it with Cortana)
  2. Click Programs and Features
  3. In the left-hand column, click Turn Windows Features on or off
  4. Scroll down to SMB 1.0/CIFS File Sharing Support
  5. Uncheck it, and reboot

Running an older version of Windows? Please check this Microsoft page for more details on disabling it on Windows 7.

Stay safe out there!

Brought to you by Atlas Security
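
The Control Panel steps above can also be done from an elevated PowerShell prompt on Windows 8.1 and Windows 10. The script below is an added example, not part of the original post; it goes slightly further than the steps by also turning off SMBv1 in the SMB server configuration. The `-Apply` switch and the `Get-Smb1State` function are names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and remove SMBv1 on Windows 8.1 / Windows 10.
# Run without arguments to report only; run with -Apply to make changes.
[CmdletBinding()]
param(
    [switch]$Apply   # hypothetical switch name chosen for this example
)

function Get-Smb1State {
    # "SMB1Protocol" is the optional feature behind the
    # "SMB 1.0/CIFS File Sharing Support" checkbox.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    $server  = Get-SmbServerConfiguration
    [pscustomobject]@{
        FeatureState      = "$($feature.State)"          # Enabled, Disabled, DisablePending, ...
        ServerSmb1Enabled = [bool]$server.EnableSMB1Protocol
    }
}

$before = Get-Smb1State
Write-Output 'Current SMBv1 state:'
$before | Format-List

if (-not $Apply) {
    Write-Output 'Report only. Re-run with -Apply to disable SMBv1.'
    return
}

# Stop the SMB server from accepting SMBv1 right away.
if ($before.ServerSmb1Enabled) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# Remove the optional feature; the reboot is left to the operator.
if ($before.FeatureState -eq 'Enabled') {
    $result = Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    if ($result.RestartNeeded) {
        Write-Warning 'Reboot required to finish removing SMBv1.'
    }
}

Write-Output 'SMBv1 state after changes:'
Get-Smb1State | Format-List
```

After the reboot, a `FeatureState` of `Disabled` and `ServerSmb1Enabled` of `False` confirm the same result as unchecking the box in Control Panel.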

On 7/1/2017 at 1:53 PM, Death said:

Very helpful!

Just want others to know about Security risks and help block it so they wouldn't have to worry. :P
