
How to protect yourself against Petya malware

I am sure there are lots of folks that think they can afford to lose all that is on their computer. But as I harp on a lot, it is critical today to do your patches! Lots of folks are still running XP, and even though Microsoft issued a patch for this in March, even for XP users, folks just think they are under the radar. If you don't patch, don't complain about Microsoft; they aren't the problem.


"How to protect against it

There are two ways Petya/GoldenEye attacks a computer. "The exploit attacks vulnerable Windows Server Message Block (SMB) service, which is used to share files and printers across local networks," said David Sykes, business security expert at Sophos. "Microsoft addressed the issue in its MS17-010 bulletin in March, but the exploit proved instrumental in the spread of WannaCry last month. The new Petya variant can also spread by using a version of the Microsoft PsExec tool in combination with admin credentials from the target computer."

These problems have been patched, but some people have not downloaded the fix, so it keeps spreading. Your first line of defense is to be sure you have the latest version of Windows: If you have automatic updates turned on, you're safe. The update should already be installed to your computer.

If you don't have auto update on, you can download the security update here:

Windows has a download page for all versions available here.


Next, make sure that your antivirus software is up to date. Most antivirus companies already have patches out that block Petya and this new version of it."

More in the article here:

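As an added example, not from the thread or the quoted article, here is a PowerShell audit for the two spreading paths the article names: the SMBv1 service patched by MS17-010, and PsExec-style spread with admin credentials. It assumes an elevated session on Windows 8.1 / Server 2012 R2 or later (where Get-SmbServerConfiguration exists); the March 2017 cutoff date and the LocalAccountTokenFilterPolicy check are my additions, not something the article specifies.

```powershell
# Added audit script, not part of the original post. Run elevated.

function Get-PetyaExposure {
    # Path 1: the SMBv1 exploit patched by MS17-010. If the SMBv1 server is
    # off, that exploit has nothing to talk to, patched or not.
    $smb = Get-SmbServerConfiguration

    # Patch state: the article gives no KB numbers, so instead of hard-coding
    # any, list updates installed on or after March 2017 (the month MS17-010
    # shipped) and cross-check them against the bulletin for your Windows version.
    $cutoff  = [datetime]'2017-03-01'   # assumed cutoff, see lead-in
    $patches = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $cutoff } |
        Sort-Object InstalledOn

    # Path 2: PsExec with admin credentials. By default UAC token filtering
    # blocks remote use of *local* admin accounts; a LocalAccountTokenFilterPolicy
    # value of 1 switches that protection off and widens lateral movement.
    $policyKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $tokenFilter = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy

    [pscustomobject]@{
        Smb1ServerEnabled       = [bool]$smb.EnableSMB1Protocol
        PatchesSinceMarch2017   = @($patches).Count
        LatestPatchInstalled    = ($patches | Select-Object -Last 1).InstalledOn
        RemoteLocalAdminAllowed = ($tokenFilter -eq 1)
    }
}

$result = Get-PetyaExposure
$result | Format-List

# Remediation for path 1, once you have confirmed nothing still needs SMBv1:
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
# On Windows 10 / Server 2016 and later the feature can be removed outright:
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($result.Smb1ServerEnabled) {
    Write-Warning 'SMBv1 server is enabled: the MS17-010 attack surface is exposed.'
}
if ($result.PatchesSinceMarch2017 -eq 0) {
    Write-Warning 'No updates installed since March 2017: MS17-010 is almost certainly missing.'
}
if ($result.RemoteLocalAdminAllowed) {
    Write-Warning 'LocalAccountTokenFilterPolicy=1: local admin accounts usable remotely (PsExec path).'
}
```

A zero patch count is only a strong hint; confirm MS17-010 by matching the installed KB list against the bulletin for the exact Windows build.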

It's worse!

The malware is now considered to be a "wiper infection" that wipes your drive with no hope of decrypting the data in an infected computer. The good news is the initial wave of the global attack is over, and patched/updated computers since March are safe for now.


“We actually consider this a sabotage attack or wiper attack. Whether it is intentional or not, I’ll leave that to others to speculate,” said Juan Andres Guerrero-Saade, senior security researcher at Kaspersky Lab. “You can’t call an attack, with no possible way of decrypting files, a ransomware attack,” he said.

According to Comae Technologies researcher Matt Suiche, there is a bug in the malware’s encryption code that prevents any decryption key from working. That is something independent of the fact that the German email provider Posteo shut down the attacker’s email address, preventing victims from contacting the attacker in order to have payments verified.

“The actual function to encrypt files contains a logic bug. Because of the way the malware encrypts the data, it makes it impossible to decrypt the files properly, assuming there was a decryption key,” Suiche said during the webinar.

The good news about the outbreak is the initial attack wave is over. Suiche said most of the damage from ExPetr has already been done. “So, if you haven’t been affected by now it’s very unlikely you are going to be,” he said. The initial infection, unlike WannaCry, was one big wave, he said.


More here: https://threatpost.com/expetr-called-a-wiper-attack-not-ransomware/126614/?utm_source=newsletter&utm_medium=Email&utm_campaign=tp daily digest

2 hours ago, secessus said:

I would also recommend

  1. making backups before you need them; and
  2. run Windows on a virtual machine; or
  3. run Linux


I just read that Linux has come under attack, as well.
