Whew!!!!!
Zero-hour protection
Malwarebytes detected this ransomware in the zero hour, meaning those that have Malwarebytes Premium or our standalone anti-ransomware technology have been protected from the instant this attack began. Both Malwarebytes business users and consumers users are protected if they are using the latest version of the above products.
There are some instructions how to create perfc file in C:/Windows folder over at BleepingComputers:
www.bleepingcomputer.com | news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak
Basically, copying the Notepad.exe and renaming it to "perfc", than giving it "read only" permission.
We have been protected now since Jun 27,2017 10:23 PM UTC: 1.247.197.0
What's New - Microsoft Malware Protection Technologies
I was checking out the Norse tracking map and Microsoft was sending out a lot of attacks to servers in Washington DC. It looks like DC is the main target right now. Norse Attack Map
Thanks for warning Steve. One can usually trust the guys at Bleeping Computers. Will check it out. Kaspersky could react to changes in Windows dir...
Edit: can't imagine what would trigger Kaspersky, except that it just reacts to creating files in C:\Windows..
There are just 3 files, filled with some text (don't delete this.. is a vaccine ...) named perfc, perfc.dll and perfc.somtething else
but only if you don't use it to connect to you NAS or whatever of course...
It was patched in march so if you run Windows update you should be OK.
https://www.us-cert.gov/ncas/current...-Vulnerability
Not really..
System is patched for original Eternalblue (WannyCry), but not for other exploits."Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That's why patched systems can get hit." Mikko Hypponen confirms, Chief Research Officer at F-Secure.
All major AV and Antimalware companies updated their software, so users are on the safe side by now. Industrial solutions are other story...
Quote