Things You Can Do To Stop Malicious Virus Breaking Your Computer

in #bitcoin, 7 years ago

It looks as though the Petya ransomware that struck European companies the other day, including a lot of Ukraine's critical infrastructure providers, isn't spreading much further. But if you're fretting about the re-emergence of the malware, which is entirely possible given the perpetrators were using a variety of methods to spread it, there are some mitigating steps that have a good chance of stopping any future attack.

One way of preventing a PC getting infected is by tricking the malware into thinking it's already on the computer. This can be done by heading to the Windows directory folder (C:\Windows) and creating a file named perfc (it'll end up looking something like this: %WINDIR%\perfc). Set that to "read only" permissions, says Hacker House CEO Matthew Hickey. This protects PCs because when the malware first runs, it searches for that filename in that folder and, if it's found, it'll kill itself, noted Cybereason, one of two cybersecurity firms along with Positive Technologies to find the "vaccine."

Second, Hickey recommends that concerned users check whether their computer is already infected and, if so, whether the ransomware is not yet running. To do this, look for two "rundll32.exe" files running in the Windows Task Manager. If they're present, power off the PC and do not turn it back on again. If it is turned back on, the ransomware will then run, encrypt the files and demand $300 in Bitcoin for payment (don't pay: the hackers' email account used to handle payment and provide encryption keys has been closed).

Reinstalling Windows will then remove Petya. With luck, you've got backups to return files to the PC, whether on a device or in the cloud. If not, it's possible to retrieve unencrypted data by downloading a free operating system like Kali Linux and using it to access the PC hard drive before re-installing Windows, Hickey noted.

Finally, employ some sensible digital hygiene. In particular, make sure you're running the latest version of whatever Windows system you're running, as this will patch the flaws that both the Petya and WannaCry ransomware exploited (i.e. the vulnerabilities leaked by Shadow Brokers, who claimed the bugs were originally used by the NSA). Ensure Windows firewall is turned on, check antivirus is up-to-date and that all third-party software has been patched too.

For businesses, disabling support for two tools used in the attacks - known as Windows Management Instrumentation and SMBv1 - might be appropriate, or they could simply ensure all user privileges are appropriate. "The attack made use of a software update running with high privileges in Windows domain. This helps spread the attack even when best practice is being followed, so ensure no software update programs have unnecessary privileges," Hickey added.

64 countries hit by Petya

Though Ukraine was the main target of Petya, which attempted to infect at least 12,500 PCs Tuesday, Microsoft said it had detected infections in another 64 countries, including Belgium, Brazil, Germany, Russia and the U.S.

Microsoft also pointed to evidence that MeDoc, a Ukrainian provider of accounting software, was the source of the attack. Kaspersky Lab's Costin Raiu, meanwhile, claimed that a Ukrainian news website for local paper the Evening Bakhmut, which confirmed it had been affected by the hack, was used to spread the malware.

 Though they've been significantly reduced, the chances of infection remain. The latest victims reportedly include major corporations, including French bank BNP Paribas and supermarket chain Auchan. 
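One way to script the checks described in this post, as an added PowerShell example (not code from the original article or from the researchers it quotes). The function name is hypothetical, and it assumes an elevated session on Windows 8/Server 2012 or later, where Get-SmbServerConfiguration and Get-NetFirewallProfile are available.

```powershell
#Requires -RunAsAdministrator
# Added example: creates the read-only "vaccine" file and reports the checks
# named in the post. Get-PetyaReadiness is a hypothetical name.
function Get-PetyaReadiness {
    param(
        [string]$WinDir = $env:WINDIR,
        [switch]$CreateVaccine          # without this switch the function only reports
    )

    # The marker file from the post: %WINDIR%\perfc, set to read-only.
    $vaccine = Join-Path $WinDir 'perfc'
    if ($CreateVaccine -and -not (Test-Path -LiteralPath $vaccine)) {
        New-Item -ItemType File -Path $vaccine | Out-Null
    }
    $present = Test-Path -LiteralPath $vaccine -PathType Leaf
    if ($CreateVaccine -and $present) {
        Set-ItemProperty -LiteralPath $vaccine -Name IsReadOnly -Value $true
    }
    $readOnly = $present -and (Get-Item -LiteralPath $vaccine -Force).IsReadOnly

    # The post's indicator is two rundll32.exe entries in Task Manager.
    # rundll32 also runs legitimately, so treat this as a prompt to investigate.
    $rundll = @(Get-Process -Name rundll32 -ErrorAction SilentlyContinue)

    # SMBv1 server support, one of the two tools the post suggests disabling.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Firewall profiles (Domain/Private/Public) that are not switched on.
    $fwOff = @(Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' } |
        Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        VaccinePath         = $vaccine
        VaccinePresent      = $present
        VaccineReadOnly     = $readOnly
        Rundll32Count       = $rundll.Count
        Rundll32Indicator   = ($rundll.Count -ge 2)
        Smb1ServerEnabled   = $smb1
        FirewallProfilesOff = ($fwOff -join ', ')
    }
}

# Apply the vaccine file and print the report.
Get-PetyaReadiness -CreateVaccine | Format-List
```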


Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.forbes.com/sites/thomasbrewster/2017/06/28/three-things-you-can-do-to-stop-notpetya-ransomware-wrecking-your-pc/

Very useful post. Thank you for sharing.

You are welcome sir :)