Saying people should do something they actively don't doesn't really address any problem. I'm getting a bit tired of that 'update your Windows 10' crap. First of all, Windows (especially 10) updates are a mess.

This tweet by Hacker Fantastic details what the encryption process actually is and how you can throw a spanner in the works.

Is there anything I can do if I am affected?

It's good practice to always back up your important files. If you don't have a backup, you might have lost your stuff. Right now there's not a lot suggesting compromised files will ever be accessible again.

Some people may not like "forced updates" but in most cases you shouldn't ignore them. If you don't have your updates turned on, that's a good place to start. As detailed above, Microsoft already released a patch to mitigate at least the EternalBlue exploit, so the first port of call is to make sure that patch is installed. Sadly, we're always at some kind of risk on the internet.

Users have to send an email to get their decryption codes, and as reported by The Verge, that email address has been shut down:

But in the wake of today's globe-spanning infections, Posteo announced today that all account access to the "wowsmith" address have been blocked, making it impossible for the group to read or respond to any messages sent to the address.

Chances are you won't get the key you need even if the miscreants behind the attack ever planned on sending it out.

Instead of a unique wallet per user as with WannaCry, Petya is stuffing it all into one. In this case, there's also the issue of how the ransom is being collected. These people don't want to be found, so they're unlikely to do anything that would give authorities any kind of edge in tracking them down. No way! Remember that these are criminals, and chances are you'll be both out of pocket and without your files if you pay.

Organizations in France, the UK, Russia, Denmark and the U.S. 
The outbreak is reported to have surfaced in Eastern Europe, with the Ukraine in particular being hit hard. But this "vaccine" doesn't actually prevent infection, and the malware will still use its foothold on your PC to try to spread to others on the same network. Unlike WannaCry, Petya looks to spread within local networks without seeding itself externally, perhaps limiting its early global impact somewhat.

As reported by The Guardian, there is a secondary "vaccine" that may prevent infection on a specific PC, but it leaves Petya free to try and spread to others:

For this particular malware outbreak, another line of defence has been discovered: 'Petya' checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it won't run the encryption side of the software.

If that fails because the system has been properly patched, for example, it moves on to the second method, which is to use two Windows administrative tools. Once again, as with WannaCry, Petya utilizes the leaked EternalBlue exploit first developed by American security services. Petya tries to infect PCs using two methods, moving on to the second if the first fails. Microsoft's March 2017 MS17-010 security update is where the necessary patches have been compiled.