  1.    27 Jun 2017 #1
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,946
    Windows 10 (Pro and Insider Pro)

    New global ransomware attack hits East Europe and spreading


    Another massive attack is going on at the moment. It started in Ukraine and Russia and is already all over Europe and US too.

    Bitdefender Labs confirms that the GoldenEye / Petya ransomware leverages the EternalBlue exploit to spread from one computer to another. Additional exploits are also used to propagate.
    Read more on bitdefender.com | massive-goldeneye-ransomware-campaign-slams-worldwide-users/

    Independent is reporting about Petya (Kaspersky identification of the same...)

    The so-called "Petya" cyberattack, which started in Ukraine, has spread across the globe over the last 24 hours. The attack hit major companies in countries like Spain, India, and the UK, and now appears to have reached the US.
    A lot of news around. thehackernews.com | 2017/06/petya-ransomware-attack
    "Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That's why patched systems can get hit," confirms Mikko Hypponen, Chief Research Officer at F-Secure.
    Last edited by AndreTen; 27 Jun 2017 at 13:45.
  2.    27 Jun 2017 #2
    Join Date : Nov 2013
    Chicagoland
    Posts : 33,899
    Dual boot Windows 10 FCU Pro x 64 & Insider 10 Pro

    Thanks for reporting this here, Andre.

    What a crime. Will it ever end?!!
  3.    27 Jun 2017 #3
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,946
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote (originally posted by HippsieGypsie):
    Thanks for reporting this here, Andre.

    What a crime. Will it ever end?!!
    This is a business-oriented attack and spreads very similarly to how WannaCry did, but exploits additional vulnerabilities. Disabling SMBv1 is a smart move.

    thehackernews.com | windows-10-redstone3-smb
    Microsoft has recently announced the beta release of Windows 10 "Creators Update," also known as "Redstone 2" (Version 1703), which disables the SMB1 protocol by default, and after testing and getting feedback from the community, the company has decided to completely remove the protocol in the next stable version of the operating system.

    A Microsoft representative has just confirmed this to Threatpost, saying "We can confirm that SMBv1 is being removed for Redstone 3 [codename for the Windows 10 Fall Creators Update]."
  4.    27 Jun 2017 #4
    Join Date : Nov 2013
    Chicagoland
    Posts : 33,899
    Dual boot Windows 10 FCU Pro x 64 & Insider 10 Pro

    In addition to that from Ed Bott, who posted this article back in mid May. I'm sure others did as well.

    In the interests of implementing a comprehensive, multi-layer security policy, Microsoft recommends that you disable the SMBv1 protocol completely. The world has already moved on to SMBv3, and there's no excuse for continuing to let that old and horribly insecure protocol run on your network.
    More here: Windows 10 tip: Stop using the horribly insecure SMBv1 protocol | ZDNet
  5.    27 Jun 2017 #5
    Join Date : Oct 2014
    Posts : 920
    Windows 10 Pro

    Firewall servers and require access via jumpboxes.
  6.    27 Jun 2017 #6
    Join Date : May 2015
    Posts : 423
    Redstone_Two

    Disabling SMB 1.0


    Control Panel/Programs and Features/Turn Windows features on or off.
    Attached thumbnail: SMBv1.PNG
  7.    27 Jun 2017 #7
    Join Date : Oct 2014
    Trnava
    Posts : 2,866
    Windows 10.4 Home 1709 x64

    Luckily, this little beauty has got the kill switch.
    Create a file called perfc with no extension in %windir% and #Nopetya won't run! SHARE!!
    Source: Amit Serper (@0xAmit) | Twitter


    If you add "PsExec.exe" to disallowed apps, you can stop it from spreading from your computer.
    Code:
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "PsExec.exe" /f


    If you see the message below, pull off the cable and DO NOT turn on the computer.

    You can still save data from HDD. Source: Hacker Fantastic on Twitter:
    Attached thumbnail: 19510371_917733855040783_3868499732247392388_n.jpg
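Added example, not part of the original posts: a read-only PowerShell check for the mitigations named in posts #3 to #7 (SMBv1 disabled, the perfc file in %windir%, and PsExec.exe in the DisallowRun list). The function name Get-ThreadMitigationStatus is made up for this example; it assumes an elevated prompt on Windows 8.1 or later.

```powershell
# Added example: reports whether the mitigations from this thread are in place.
# It changes nothing on the system. Function name is hypothetical.
function Get-ThreadMitigationStatus {
    [CmdletBinding()]
    param()

    # 1. SMBv1: the Windows optional feature and the SMB server setting.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' `
                   -ErrorAction SilentlyContinue
    $server  = Get-SmbServerConfiguration -ErrorAction SilentlyContinue

    # 2. The file named 'perfc' (no extension) in %windir% from post #7.
    $perfcPath = Join-Path $env:windir 'perfc'
    $perfcFile = Test-Path -LiteralPath $perfcPath -PathType Leaf

    # 3. DisallowRun, as written by the two 'reg add' commands in post #7.
    #    This is a per-user policy (HKCU) enforced by the Explorer shell
    #    for the logged-on user, so check it in each user's session.
    $policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $enabled   = (Get-ItemProperty -Path $policyKey -Name 'DisallowRun' `
                     -ErrorAction SilentlyContinue).DisallowRun
    $blocked   = @()
    if (Test-Path "$policyKey\DisallowRun") {
        # Each value under the subkey holds one blocked executable name.
        $key     = Get-Item "$policyKey\DisallowRun"
        $blocked = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }

    [pscustomobject]@{
        Smb1FeatureState   = if ($feature) { $feature.State } else { 'Unknown' }
        Smb1ServerEnabled  = if ($server)  { $server.EnableSMB1Protocol } else { 'Unknown' }
        PerfcPath          = $perfcPath
        PerfcPresent       = $perfcFile
        DisallowRunEnabled = ($enabled -eq 1)
        PsExecListed       = ($blocked -contains 'PsExec.exe')
    }
}

Get-ThreadMitigationStatus | Format-List
```

If Smb1FeatureState shows Enabled, the command-line equivalent of the Control Panel step in post #6 is `Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart`, followed by a reboot.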
  8.    27 Jun 2017 #8
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,946
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote (originally posted by TairikuOkami):
    Luckily, this little beauty has got the kill switch.

    Source: Amit Serper (@0xAmit) | Twitter


    If you add "PsExec.exe" to disallowed apps, you can stop it from spreading from your computer.
    Code:
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "PsExec.exe" /f


    If you see the message below, pull off the cable and DO NOT turn on the computer.

    You can still save data from HDD. Source: Hacker Fantastic on Twitter:
    Thanks for posting this, TairikuOkami. Could help a lot of users.
  9.    27 Jun 2017 #9
    Join Date : Oct 2014
    Trnava
    Posts : 2,866
    Windows 10.4 Home 1709 x64

    Important notice: Paying the ransom will not help you get your data back.

    Posteo, the email provider where the Petya author is hosting an inbox to handle victims from today's massive ransomware outbreak, has announced that it shut down the crook's email account: wowsmith123456@posteo.net.

    The German email provider's decision is catastrophic news for Petya victims, as they won't be able to email the Petya author in the case they want to pay the ransom to recover sensitive files needed for urgent matters.
    Email Provider Shuts Down Petya Inbox Preventing Victims From Recovering Files
  10.    27 Jun 2017 #10
    Join Date : Jan 2014
    Get Off My Lawn
    Posts : 4,681
    Win10 Pro