Windows 10: New global ransomware attack hits East Europe and spreading

  1. f14tomcat
    Posts : 36,257
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)
       27 Jun 2017 #11

    Whew!!!!!

    Zero-hour protection

    Malwarebytes detected this ransomware in the zero hour, meaning those that have Malwarebytes Premium or our standalone anti-ransomware technology have been protected from the instant this attack began. Both Malwarebytes business users and consumer users are protected if they are using the latest version of the above products.

  2. AndreTen
    Posts : 14,169
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       27 Jun 2017 #12

    There are some instructions on how to create the perfc file in the C:/Windows folder over at BleepingComputers:

    www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak

    Basically, copying the Notepad.exe and renaming it to "perfc", then giving it "read only" permission.

  3.    27 Jun 2017 #13

    Defender: 1.247.197.0/Petya


    We have been protected now since Jun 27, 2017 10:23 PM UTC: 1.247.197.0

    What's New - Microsoft Malware Protection Technologies

  4. bro67
    Posts : 4,887
    Mac OS High Sierra 10.13.5
       27 Jun 2017 #14

    I was checking out the Norse tracking map and Microsoft was sending out a lot of attacks to servers in Washington DC. It looks like DC is the main target right now. Norse Attack Map

  5.    28 Jun 2017 #15

    AndreTen said:
    There are some instructions on how to create the perfc file in the C:/Windows folder over at BleepingComputers:

    www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak

    Basically, copying the Notepad.exe and renaming it to "perfc", then giving it "read only" permission.
    Beware of using the batch file in that link. It creates some other files including perfc.dat which Kaspersky Total Security promptly deleted.

  6. AndreTen
    Posts : 14,169
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       28 Jun 2017 #16

    Steve C said:
    Beware of using the batch file in that link. It creates some other files including perfc.dat which Kaspersky Total Security promptly deleted.
    Thanks for the warning, Steve. One can usually trust the guys at Bleeping Computers. Will check it out. Kaspersky could react to changes in Windows dir...

    Edit: can't imagine what would trigger Kaspersky, except that it just reacts to creating files in C:\Windows..

    There are just 3 files, filled with some text (don't delete this.. is a vaccine ...) named perfc, perfc.dll and perfc.something else
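A read-only check for the state the posts above discuss, as an added example that is not part of any post or of the BleepingComputer batch file: it reports whether the perfc files named in this thread exist in the Windows folder as read-only files, and whether the SMBv1 server protocol is enabled. The function names `Test-PerfcVaccine` and `Get-Smb1State` are made up for this example; nothing is created or changed.

```powershell
# Added example: audit only. File names are the ones mentioned in this thread.
function Test-PerfcVaccine {
    param(
        [string]$WindowsDir = $env:SystemRoot,
        [string[]]$Names = @('perfc', 'perfc.dat', 'perfc.dll')
    )
    foreach ($name in $Names) {
        $path = Join-Path $WindowsDir $name
        # -Force so hidden/system items are found; a missing item yields $null.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $isFile = [bool]($item -and -not $item.PSIsContainer)
        [pscustomobject]@{
            Path     = $path
            Exists   = [bool]$item
            IsFile   = $isFile                       # a folder named perfc is reported as not a file
            ReadOnly = [bool]($isFile -and $item.IsReadOnly)
        }
    }
}

function Get-Smb1State {
    # Get-SmbServerConfiguration ships with Windows 8 / Server 2012 and later.
    if (-not (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)) {
        return 'Unknown (SMB cmdlets not available)'
    }
    try {
        if ((Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol) {
            'Enabled'
        } else {
            'Disabled'
        }
    } catch {
        # Typically raised when the session is not elevated.
        "Unknown ($($_.Exception.Message))"
    }
}

$files = Test-PerfcVaccine
$files | Format-Table -AutoSize
"SMBv1 server: $(Get-Smb1State)"

# Flag the half-done case: the file was created but never marked read-only.
if ($files | Where-Object { $_.IsFile -and -not $_.ReadOnly }) {
    'Note: a perfc file exists but is not read-only.'
}
```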

  7.    28 Jun 2017 #17

    I'm curious, how are these hackers able to get hold of NSA exploits?
    @bro67 Can you tell me what Norse tracking map is?

  8.    28 Jun 2017 #18

    AndreTen said:
    Disabling SMBv1 is a smart move.
    but only if you don't use it to connect to your NAS or whatever of course...

    It was patched in March so if you run Windows update you should be OK.

    https://www.us-cert.gov/ncas/current...-Vulnerability

  9. AndreTen
    Posts : 14,169
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       28 Jun 2017 #19

    lx07 said:
    but only if you don't use it to connect to your NAS or whatever of course...

    It was patched in March so if you run Windows update you should be OK.

    https://www.us-cert.gov/ncas/current...-Vulnerability
    Not really..
    "Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That's why patched systems can get hit." Mikko Hypponen confirms, Chief Research Officer at F-Secure.
    System is patched for original Eternalblue (WannaCry), but not for other exploits.

    All major AV and Antimalware companies updated their software, so users are on the safe side by now. Industrial solutions are another story...

  10.    28 Jun 2017 #20

    AndreTen said:
    Not really..
    "Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That's why patched systems can get hit." Mikko Hypponen confirms, Chief Research Officer at F-Secure.
    Ah interesting, I missed that bit. These only work if you are running an Admin account (or with Admin rights) though, correct?


 