The Petya ransomware, as reported last month and also known as “Petwrap,” is spreading rapidly, “shutting down computers at corporates, power supplies, and banks across Russia, Ukraine, Spain, France, UK, India, and Europe and demanding $300 in bitcoins,” and has affected over 300,000 computers in only 72 hours.
Petya does not encrypt files one by one in its attempt to elicit those Bitcoin payments, but uses an even more nefarious method:
Petya reboots victims’ computers, encrypts the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. Petya replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.
Microsoft issued a series of patches for this type of exploit back in April, including taking the unusual step of patching the unsupported Windows XP operating system, so if you’re current on updates you should be ok.
However, the company also recommends removing the unused but vulnerable SMBv1 file sharing protocol from your systems.
It’s pretty easy to do, and well worth it for the peace of mind it could bring as yet another ransomware exploit powered by leaked NSA hacking tools runs amuck. Our colleague over at ZDNet, Ed Bott, runs through the procedure for Windows 10 machines:
- Open the Control Panel (search for it from the Start Menu).
- Click Programs and Features, and then, in the left-hand column, click Turn Windows Features on or off.
- Scroll down to SMB 1.0/CIFS File Sharing support, uncheck it, and reboot.
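The same change can be checked and applied from an elevated PowerShell prompt, which is easier to repeat across many machines. This is an added example, not taken from the ZDNet or OnMSFT articles; the `-Remediate` switch and the `Get-Smb1Status` function are names made up for this sketch.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether SMBv1 is present on this machine and,
# when -Remediate is given, turn it off. Without the switch nothing is changed.
param(
    [switch]$Remediate   # hypothetical switch name chosen for this example
)

function Get-Smb1Status {
    # Optional-feature state: this is what the
    # "SMB 1.0/CIFS File Sharing support" checkbox reflects.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    # SMB server setting: can be on or off independently of the feature.
    $server = Get-SmbServerConfiguration
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        FeatureState      = $feature.State   # Enabled, Disabled, DisablePending, ...
        ServerSmb1Enabled = $server.EnableSMB1Protocol
    }
}

$before = Get-Smb1Status
$before | Format-List

if ($Remediate) {
    if ($before.ServerSmb1Enabled) {
        # Stop the SMB server from accepting SMBv1 connections.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($before.FeatureState -eq 'Enabled') {
        # Equivalent of unchecking the box in "Turn Windows features on or off".
        $result = Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
        if ($result.RestartNeeded) {
            Write-Warning 'Reboot required to finish removing SMBv1.'
        }
    }
    # Show the state after the change so it can be logged.
    Get-Smb1Status | Format-List
}
```

Run it once without `-Remediate` to see the current state; a `FeatureState` of `DisablePending` after remediation means the removal completes at the next reboot.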
For now, governments and industries are grappling with the ransomware and perhaps looking at their penchant for running older unpatched systems, as the dirty tricks of the NSA continue to come back to haunt us.
Source: OnMSFT