
Thread: Petya Ransomware

  1. #1
    calikid (Lead Moderator)

    Petya Ransomware

    Petya Ransomware.
    Looks like WannaCrypt (WannaCry) ransomware has died out, and a new threat has taken its place.
    This one appears to have originated out of Ukraine.

    Underlying infection spread to older versions of Windows by the exploit known as Eternal Blue.
    Same exploit used by WannaCry, released by Shadow Brokers in April 2017. Said to have been stolen from NSA toolkit.
    Not only can clicking on a BAD link infect one computer, with Eternal Blue it is possible to infect ALL computers on the Local Network.

    Sounds like upgrading to a newer version of Windows, not such a bad idea. MS can be snoopy, but beats hackers trashing all your valuable data.
    The aim of an argument or discussion should not be victory, but
    progress. -- Joseph Joubert

  2. #2
    Originally posted by calikid:
    Petya Ransomware.
    Looks like WannaCrypt (WannaCry) ransomware has died out, and a new threat has taken its place.
    This one appears to have originated out of Ukraine.

    Underlying infection spread to older versions of Windows by the exploit known as Eternal Blue.
    Same exploit used by WannaCry, released by Shadow Brokers in April 2017. Said to have been stolen from NSA toolkit.
    Not only can clicking on a BAD link infect one computer, with Eternal Blue it is possible to infect ALL computers on the Local Network.

    Sounds like upgrading to a newer version of Windows, not such a bad idea. MS can be snoopy, but beats hackers trashing all your valuable data.
    In May Microsoft actually released security patches for older versions of Windows, including XP, to block Wannacry. The same patch also prevents Petya attacks.
    Cf., e.g., https://blogs.technet.microsoft.com/...crypt-attacks/ (where you can find the links to install the patch).

    (For the still supported versions of Windows, the patch had been available since March.)
    An opinion should be the result of thought, not a substitute for it.
    - Jef Mallett

    Ignorance more frequently begets confidence than does knowledge.
    - Charles Darwin

  3. #3
    calikid (Lead Moderator)
    I have also read that the infection of LAN attached computers is accomplished by way of the SMB version 1 protocol.
    It is an OLD protocol that has been replaced by SMBv2 & SMBv3.
    Many sites maintain that disabling the protocol will prevent spreading over the LAN.
    I was surprised to find the 30-year-old protocol enabled by default on many WIN7PRO and SERVER2012 systems.
    Systems that had all the recent critical patches installed.
    While I expected the update to disable SMB1, they did not on the systems I have observed.
    Had to manually disable SMBv1.

    I did break one Ricoh copier (scan to folder failed) when SMBv1 was disabled, but switching to FTP protocol resolved the issue.

    Note: I just noticed this same recommendation included in the MS alert Garuda has listed above. The third bullet point.
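
An added example, not part of any post in this thread: a PowerShell sketch for auditing and disabling SMBv1 on the Windows 7 and Server 2012 systems discussed above. The function names are hypothetical; the script assumes an elevated prompt and uses the SMB cmdlets where the OS has them (Windows 8 / Server 2012 and later) and the LanmanServer registry value on Windows 7.

```powershell
# Added example: audit SMBv1 on one host, then disable the server side.
# Function names are illustrative assumptions, not from the thread.
$paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

function Get-Smb1ServerEnabled {
    if ($hasSmbCmdlets) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: no SMB cmdlets, read the registry value.
    # A missing SMB1 value means the default, which is enabled.
    $v = Get-ItemProperty -Path $paramsKey -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $v) { return $true }
    return ($v.SMB1 -ne 0)
}

function Get-Smb1ClientEnabled {
    # The SMBv1 client is the mrxsmb10 driver; Start = 4 means disabled.
    $drv = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' `
                            -ErrorAction SilentlyContinue
    if ($null -eq $drv) { return $false }   # driver not installed
    return ($drv.Start -ne 4)
}

function Get-Smb1Sessions {
    # Devices still negotiating SMBv1 (such as an older scan-to-folder copier)
    # appear here with a dialect below 2. Needs the SMB cmdlets.
    if (-not $hasSmbCmdlets) { return @() }
    Get-SmbSession |
        Where-Object { $_.Dialect -lt 2 } |
        Select-Object ClientComputerName, ClientUserName, Dialect
}

function Disable-Smb1Server {
    if ($hasSmbCmdlets) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7 / Server 2008 R2: takes effect after a reboot.
        Set-ItemProperty -Path $paramsKey -Name SMB1 -Type DWord -Value 0
    }
}

# Report first; New-Object keeps this compatible with PowerShell 2.0 on Windows 7.
New-Object PSObject -Property @{
    Computer   = $env:COMPUTERNAME
    Smb1Server = Get-Smb1ServerEnabled
    Smb1Client = Get-Smb1ClientEnabled
}
Get-Smb1Sessions
# Disable-Smb1Server   # run once the session list shows nothing that still needs SMBv1
```

Checking the session list before disabling is what surfaces dependencies like the copier mentioned in post #3, so they can be moved to another protocol first.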

  4. #4
    I've been through several ransomwares, the only response I got was: "we don't have any balls", I replied: "I have several", and they dismissed, unable to follow.

  5. #5
    calikid (Lead Moderator)
    It was odd that WannaCrypt hit Windows 7 the hardest (per McAfee reports) since that platform was receiving updates. Goes to show, patches are only effective when they are actually installed. Do YOU have auto install critical updates turned on?

  6. #6
    Originally posted by calikid:
    It was odd that WannaCrypt hit Windows 7 the hardest (per McAfee reports) since that platform was receiving updates. Goes to show, patches are only effective when they are actually installed. Do YOU have auto install critical updates turned on?
    I do...

    In the 30 something years that I've used Microsoft OSes, only twice did I have to uninstall a patch because it caused severe problems, which then typically were solved within days when a follow-up patch was released.
