Windows 10: New global ransomware attack hits East Europe and spreading

Another massive attack is going on at the moment. It started in Ukraine and Russia and is already all over Europe and US too.

Read more on bitdefender.com | massive-goldeneye-ransomware-campaign-slams-worldwide-users/

Independent is reporting about Patya (Kaspersky identification of the same..)

A lot of news around. thehackernews.com | 2017/06/petya-ransomware-attack

:)

 

RANSOMWARE ATACK

If you are referring to the recent WannaCry Ransomware Global attack....

WannaCry spreads by exploit in a weakness found in Microsoft Windows which was formerly exploited by the US National Security Agency (NSA) and targets unpatched systems. A group known as The Shadow Brokers claimed to have dumped hacking tools stolen from
NSA.

• WannaCrypt ransomware worm targets out-of-date systems
• Wana Decrypt0r Ransomware Using NSA Exploit Leaked by
  Shadow Brokers
• Say Hello to 'WannaCry'
• Ransomware infections reported worldwide
• WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
• The worm that spreads WanaCrypt0r
• How did the WannaCry Ransomworm spread?

Microsoft Customer Guidance for WannaCrypt attacks

How to Protect yourself from the WannaCry or Wana Decryptor Ransomware

How to protect yourself from WannaCry ransomware

Microsoft releases WannaCrypt protection for out-of-support products...Windows XP, Windows 8, & Windows Server 2003

Quote from
Microsoft Customer Guidance for WannaCrypt attacks

"...we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted
by the attack today.

If you are referring to something else, then more information will be needed.

 

Is Windows 10 still vulnerable to WannaCry Ransomware?

Social engineering is just one of various attack vectors.

Section :step2: in this topic explains the most
common methods Crypto malware (file encrypting ransomware) and other forms of ransomware is typically
delivered and spread.

• Anatomy of a ransomware attack
• Spotlight on Ransomware: Common infection methods
• Spotlight on Ransomware: How ransomware works

 

Thanks for reporting this here, Andre.

What a crime. Will it ever end?!!

 

This is business oriented attack and spreads very similar like WannaCry did, but exploits additional vulnerabilities. Disabling SMBv1 is smart move.

thehackernews.com | windows-10-redstone3-smb

 

In addition to that from Ed Bott, who posted this article back in mid May. I'm sure others did as well.

More here: Windows 10 tip: Stop using the horribly insecure SMBv1 protocol | ZDNet

 

Firewall servers and require access via jumpboxes.

 

Control Panel/Programs and Features/Turn Windows features on or off.

 

Luckily, this little beauty has got the kill switch.

*chuckle

Source: Amit Serper (@0xAmit) | Twitter


If you add "PsExec.exe" to disallowed apps, you can stop it from spreading from your computer.
Code: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "PsExec.exe" /f[/quote]

If you see the message bellow, pull off the cable and DO NOT turn on the computer.

You can still save data from HDD. Source: Hacker Fantastic on Twitter:

 

If you see the message bellow, pull off the cable and DO NOT turn on the computer.

You can still save data from HDD. Source: Hacker Fantastic on Twitter: [/quote] Thanks for posting this TairikuOkami. Could help a lot of users

 

Important notice: Paying the ransom will not help you get your data back. *Sad

Email Provider Shuts Down Petya Inbox Preventing Victims From Recovering Files

 

MBAM if you don't have it, get it.

Petya-esque ransomware is spreading across the world - Malwarebytes Labs | Malwarebytes Labs

 

Whew!!!!!

Zero-hour protection

Malwarebytes detected this ransomware in the zero hour, meaning those that have Malwarebytes Premium or our standalone anti-ransomware technology have been protected from the instant this attack began. Both Malwarebytes business users and consumers users are protected if they are using the latest version of the above products.

 

There are some instructions how to create perfc file in C:/Windows folder over at BleepingComputers:

www.bleepingcomputer.com | news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak

Basically, copying the Notepad.exe and renaming it to "perfc", than giving it "read only" permission.

 

We have been protected now since Jun 27,2017 10:23 PM UTC: 1.247.197.0

What's New - Microsoft Malware Protection Technologies