Petya ransomware strikes back!
A new wave of malware attacks has been launched this week in Europe and has spread all over the world for the last 2 days. The name of the virus – Petya is well known and we have already written about the ways to protect your computer from this ransomware. Unfortunately, Ukrainian government (the European country that was attacked in the beginning of the wave) did not read our recommendations and lots of governmental and business networks were infected with Perya virus.
IT specialists, working in the companies whose networks went down, are sharing the details of the attacks on Internet forums and claim that the majority of infected computers were running Windows 7, while Windows 10 PCs with the latest updates were ok.
Like all ransomwares, Petya demands money to unlock the computer and according to Blockchain 45 people have already paid total of almost 4 bitcoins. Though, according to the forum messages, the unlock codes to the infected computers were not sent after the payment.
The attack was successful not only in Europe, lots of reports about Petya’s infection were also reported in the US and lots of IT companies that are working in the antivirus sphere have already given their recommendation on how to protect the computers from this ransomware.
The first rule is very simple – do not open emails and attachments from unknown senders and even if the sender in your contact list, do not open the file right away, especially if you do not expect any attachments from this person.
Make sure that you have latest Windows updates installed on your computer, including the patch MS17-010.
System administrators should block the following ports on the servers 135, 445, 1024-1035 TCP and block permissions to run executable files from %TEMP% %APPDATA% folders.
Symantec company has come up with a set of interesting preventive actions that should keep your computer safe. According to the specialists, during the attack, Petya virus searches for the file C:\Windows\perfc and in case the file is found, virus does not infect the computer and stops any activity.
Symantec suggests to create this file manually and put it to the C drive.
To do that, open Notepad as Administrator, hit File – Save As, choose Windows folder and enter the name perfc.dll
Once you save the file, go to the Properties and make the file Read-only.
These simple steps should protect your computer from Petya virus.
In case your computer is already infected by Petya ransomware, there is a solution offered by Emsisoft back in 2016. However, to use it, you will need a not infected computer and some skills as the solution foresees the necessity of extracting the hard drive from infected to computer and connecting it to a working PC.
The detailed instructions can be found on Beepingcomputer.
- Posted by Author
- On June 29, 2017
- 0 Comments