New
#1
Posts in the AntiVirus section suggest disabling the vulnerable SMBv1 file sharing protocol
Hackers launched blistering ransomware attacks Tuesday against companies and agencies across the world, particularly targeting Ukranian businesses.
Major global firms reported that they had been targeted, including British advertising agency WPP (WPPGY), Russian oil and gas giant Rosneft and Danish shipping firm Maersk.
"IT systems in several WPP companies have been affected by a suspected cyber attack," WPP said on its Twitter account.
Maersk issued a similar statement, saying its tech systems "are down across multiple sites and business units due to a cyberattack."
The U.S.-based pharmaceutical company Merck (MRK) also said it was hit.
"We confirm our company's computer network was compromised today as part of global hack," Merck said on Twitter.
The source of the attack is not yet clear. It is similar to WannaCry, which spread globally in May, but there are differences. Both asked victims to pay Bitcoin to get their files back, and both use a similar flaw to spread through networks...
Read More:
Another big malware attack ripples across the world - Jun. 27, 2017
Posts in the AntiVirus section suggest disabling the vulnerable SMBv1 file sharing protocol
"Are those of us having latest windows update and SMBv1 disabled safe with the new attack"
Apparently this protocol will default to OFF in the Fall Creators Update. For those who want to disable but don't know how: open Powershell (Admin) then type and Enter -
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
or, in Control Panel/Programs and Features/Turn Windows Features on or off and untick box. Restart is required
Apparently some software could be to blame ?
Tax software blamed for cyber-attack spread - BBC News
And it is suspected was spread via the software's automatic updates !
Alan Woodward, a computer scientist from the University of Surrey, said: The ironic thing about this situation (if it proves to be the case) is that we always advise users to keep their software up to date, ideally using automated updates.
"However, it assumes hackers can't take over the update process and misuse it.
I've always worried about this with Microsoft's own auto update system, could it be abused in the same or similiar way.
Can someone write a simple .bat file to run this?
Petya Ransomware Vaccine: This Will Protect You From Latest Attack
Use elevated CMD prompt to enter:
cd \windows
copy notepad.exe perfc
copy notepad.exe perfc.dat
copy notepad.exe perfc.dll
attrib +R perfc
attrib +R perfc.dat
attrib +R perfc.dll