Fantasy Football - Footballguys Forums


PETYA - NOTPETYA

LAUNCH

Footballguy
To quickly stop Petya right now - MS17-010 patch AND blocking ADMIN$ via GPO will stop lateral movement on WMI and PSEXEC.

https://www.cnet.com/news/unprecedented-cyberattack-hits-businesses-across-europe/?ftag=COS-05-10aaa0b&linkId=39163079

Another widespread ransomware attack is threatening to wreak havoc across the world. 

Businesses and government agencies have been hit with a variation of the Petya ransomware -- that is, malware that holds crucial files hostage. The malware is demanding $300 in bitcoin before victims can regain access.

The new ransomware, identified by security firm Bitdefender as GoldenEye, has two layers of encryption, researchers said. It locks up both your files and your computer's file system.

"Just like Petya, it is particularly dangerous because it doesn't only encrypt files, it also encrypts the hard drive as well," said Bogdan Botezatu, a senior threat analyst with Bitdefender. 

 
figures, my last night of ogling Chaturbate harlots on my 65" in the parlor (my gf & daughter come home tomorrow) 

:kicksrock:

:ptts:

 
#Petya encrypts ON BOOT. If you see CHKDSK message your files not yet encrypted, power off immediately. You can recover with LiveCD.

 
Actually if you just disable SMBv1 (or apply the March patch for non win 10 users, as you mentioned) you're pretty much good to go.  
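
The two settings named in the posts above (SMBv1 and the ADMIN$ share) can be checked on a host with a read-only audit like the one below. This is an added example, not code from any poster in this thread; the function names are hypothetical, and reading AutoShareWks/AutoShareServer assumes the admin share is suppressed through those registry values, which the thread does not specify. It does not check the MS17-010 patch level.

```powershell
# Added example: read-only audit of the SMBv1 and ADMIN$ settings discussed in the thread.
# Run from an elevated PowerShell session on Windows 8 / Server 2012 or later.

function Get-Smb1Status {
    # Whether the SMB server service on this host still accepts SMBv1.
    $serverEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Optional-feature state; the feature is not exposed on every edition,
    # so a missing result is reported instead of raising an error.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' `
        -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'NotPresent' }

    [pscustomobject]@{
        ServerSmb1Enabled = $serverEnabled
        Smb1FeatureState  = $featureState
    }
}

function Get-AdminShareStatus {
    # Is ADMIN$ currently being served?
    $share = Get-SmbShare -Name 'ADMIN$' -ErrorAction SilentlyContinue

    # Assumption: the share is suppressed with AutoShareWks / AutoShareServer = 0.
    # A value of $null means the registry value is not set (shares auto-created).
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $params = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    [pscustomobject]@{
        AdminShareExists = [bool]$share
        AutoShareWks     = $params.AutoShareWks
        AutoShareServer  = $params.AutoShareServer
    }
}

# Summarise both checks for this host.
$smb1  = Get-Smb1Status
$admin = Get-AdminShareStatus

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    ServerSmb1Enabled = $smb1.ServerSmb1Enabled
    Smb1FeatureState  = $smb1.Smb1FeatureState
    AdminShareExists  = $admin.AdminShareExists
    AutoShareWks      = $admin.AutoShareWks
    AutoShareServer   = $admin.AutoShareServer
} | Format-List
```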

 
I got a push of MSFT patches this morning from the automated IT service at my work. Now I can't open attachments embedded within Outlook.

Not sure which is worse.

 
I got a push of MSFT patches this morning from the automated IT service at my work. Now I can't open attachments embedded within Outlook.

Not sure which is worse.
Did you try blocking your ADMIN$ from the GPO lateral unit WMI PSLEX protocol?

 
