Windows 10: Bad Rabbit ransomware: A new variant of Petya is spreading

Read more: Bad Rabbit ransomware: A new variant of Petya is spreading, warn researchers | ZDNet

:)

 

Ransomeware

According to
bleepingcomputer.com petya ransomware can affects only MBR.

 

Petya/Goldeneye ransomware

Hi JM,

There are three specific steps you can take to mitigate against this new ransomware:

• Ensure you have the latest security updates installed.
• Ensure you have the latest AV Signatures from your preferred AV vendor.
• Do not open email/attachments from unknown/untrusted sources

For more information about how the Petya Ransomware works and how to protect your computers against it, please check out this Windows Security blog:

New ransomware, old techniques: Petya adds worm capabilities.

Feel free to let us know if you need further information.

Regards.

 

Thanks for the Heads Up Shawn *Thumbs

 

Hmmm.... we get a hacked in executive, they get a locked out media. Hardly seems fair.

 

Hi, maby stupid question, but lets say i have 3 hd in my computer, wil it encrypt all hd or just the c:/ one? and in my kodi network i have also some hd connected wil they be affected too?

 

Most of these ransomeware attacks go for every disk on the network.

 

This ransomware is really original, it pretends to be a flash installer, but it still works, so whatever.

Avoiding this one is a child's game for any administrator/user.

1. Use SUA or UAC with a password, doh.

2. Enable ValidateAdminCodeSignatures.

Bad Rabbit ransomware - Securelist

Bad Rabbit Ransomware Outbreak in Russia and Ukraine | Anomali

 

Of course guys, make regular image backups, and store offline.

 

So this would even go for the standalone NAS drives in my network ? I’ve got three thinking my pics / docs etc are pretty safe being backed up/mirrored in triplicate (I don’t really like cloud services) Guess I should disconnect one from the network.

presumably if our windows is up to date and defender is on with latest definitions we are protected ?

 

Bad Rabbit: Ten things you need to know about the latest ransomware outbreak

Bad Rabbit: Ten things you need to know about the latest ransomware outbreak | ZDNet

 

What's the significance of Enable ValidateAdminCodeSignatures and does using it create other installation issues?

 

Exe has to be digitally signed, only less used apps do not have a certificate, it costs a lot of money. But you can still run them, just not with admin rights, most do not need them anyway. You can check properties for a certificate, if it does not have one, you will get an error. I have created a script to turn it on/off, when need and shortcuts like this.


Code: reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ValidateAdminCodeSignatures" /t REG_DWORD /d "0" /f start "" "E:\Software\Windows_Repair_Toolbox.lnk" reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ValidateAdminCodeSignatures" /t REG_DWORD /d "1" /f[/quote]

 

Hi,
Why MS built in flash player in win-10 is sort of baffling to me
Why flash is still around is also baffling it needs to go away
The End of an Era - Next Steps for Adobe Flash - Windows 7 Help Forums

I suppose MS will just do the oddest thing and buy flash player from Adobe lol *Biggrin

 

Mike, my guess would be that not everyone has switched over to the new standard. If they did away with flash right now, too much content would be unavailable. I think it is on it's way out though. It just may take more time.