New ransomware attack hits Europe

Discussion in 'News Editions' started by Ian, Jun 28, 2017.

  1. Ian

    Ian Administrator

    Joined:
    Feb 23, 2002
    Likes Received:
    700
    Airlines, powerstations, banks and other businesses have been hit by a new wave of "Ransomware" attacks. Affected PCs will find that the operating system has been encrypted, with demands for a payment to unlock the system. Windows XP - Windows 10 PCs could be vulnerable, so be sure you have installed all current Windows updates and have anti-virus software installed.

    This "Petya" cyber-attack has even caused problems at the infamous Chernobyl power station, meaning that radiation levels are now manually performed.

    As usual, take care when opening e-mail attachments or other unfamiliar files. The best defence is by having a fully patched operating system with AV software installed (even if it's Windows Defender).
     
    Ian, Jun 28, 2017
    #1
    1. Advertisements

  2. Ian

    Ian Administrator

    Joined:
    Feb 23, 2002
    Likes Received:
    700
    If looks like you'll get an image like this upon booting if you have been infected:

    DDWXCFWW0AA6pwD.jpg

    Turning your system off at this stage will prevent the encryption from completing, meaning that you can restore the data manually.

    Thanks to https://twitter.com/hackerfantastic for the image.
     
    Ian, Jun 28, 2017
    #2
    1. Advertisements

  3. Ian

    Abarbarian Acruncher

    Joined:
    Sep 30, 2005
    Likes Received:
    628
    Location:
    A cabin in the woods by a river
    Abarbarian, Jun 29, 2017
    #3
  4. Ian

    Captain Jack Sparrow New Cruncher

    Joined:
    Jul 1, 2007
    Likes Received:
    97
    Location:
    On the Black Pearl
    Of course, you should already be patched against the exploits which the ransomware spreads with; NotPetya uses the same NSA exploits that WannaCry used last month to cause worldwide chaos.

    However, it's still possible to receive NotPetya by email, malware dropper or malicious drive-by download. Therefore, it pays to take preventative measures:

    In the Windows directory (usually C:\Windows\), create the following read only files:

    perfc
    perfc.dat
    perfc.dll

    Source (external link, BleepingComputer)

    If the presence of these files annoys you, set these files to hidden.
    These files are allegedly how the ransomware's poorly implemented anti-re-infection mechanism works, so by simply creating these read only files, a potential infection of NotPetya will stop before delivering its payload (at least with the current strain of the ransomware).

    There are now unconfirmed reports that a new variant of the ransomware places these files in %ProgramData%. This seems like a quick and dirty workaround to continue targeting those who have discovered the information above. So I'd also recommend doing the same in this location too.

    Last night, I used a Group Policy Preferences item to automatically deploy these files to all computers, but if you're not as lucky as me, you can always use a script or batch file.

    - Capt. Jack Sparrow.
     
    Last edited: Jun 29, 2017
    Captain Jack Sparrow, Jun 29, 2017
    #4
    Core, Ian and EvanDavis like this.
    1. Advertisements

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
  1. Ian

    New VIA AGP Driver

    Ian, Mar 15, 2002, in forum: News Editions
    Replies:
    15
    Views:
    5,094
    Fontburn
    Mar 21, 2002
  2. Eric Portelance

    Intel Set To Announce New Pentium 4s

    Eric Portelance, May 4, 2002, in forum: News Editions
    Replies:
    0
    Views:
    1,322
    Eric Portelance
    May 4, 2002
  3. Ian

    Simulated Cyber-Warface in Europe

    Ian, Nov 7, 2010, in forum: News Editions
    Replies:
    0
    Views:
    3,136
  4. V_R
    Replies:
    9
    Views:
    3,049
    Silverhazesurfer
    Feb 6, 2012
  5. Becky
    Replies:
    0
    Views:
    1,311
    Becky
    Oct 29, 2012
  6. Becky

    Amazon Echo coming to Europe

    Becky, Sep 14, 2016, in forum: News Editions
    Replies:
    1
    Views:
    2,078
  7. Becky
    Replies:
    1
    Views:
    1,030
    Captain Jack Sparrow
    Oct 29, 2016
  8. Becky
    Replies:
    3
    Views:
    498
    EvanDavis
    May 5, 2017
Loading...