About Petya Ransomware!

in #petya, 7 years ago

Petya is a kind of ransomware.

EternalBlue, which was used to spread WannaCry across systems, is used in the same way by Petya as well.
Unlike WannaCry, Petya is a different kind of ransomware. The commonly used methods, such as phishing e-mails or scam techniques, i.e. the techniques used to infect the system, do not change. Petya needs local administrator access to encrypt the data on the system it is on.

Now you will ask: if the techniques were the same in WannaCry and in Petya, how did they still manage to spread to thousands of systems?

The reason is that companies or system owners do not carry out careful enough reviews, and that the infection arrives through e-mail attachments. There is only one way to stay secure, and only one person who can keep you secure. If, as an Internet user, you want to stay clear of this malicious software, security awareness starts with you.

Prevention Tip #1: The malware needs administrator rights on the local computer. A standard account should have to get write permission from an administrator. I would consider limiting who has local administrator rights in organizations to prevent the execution of exploit code. Home users should also consider using a Standard User Account for daily tasks.

Once it has been run, Petya starts the encryption process by replacing the system's master boot record (MBR) with a special boot record. When the MBR has been changed, Petya crashes the system! When the computer is rebooted, the code that encrypts the data is loaded and a screen appears showing a fake disk check operation.

It then starts encrypting the file table (MFT) located on NTFS partitions. Encrypt to encrypt for decryption.

Prevention Tip #2: Some Windows systems reboot automatically when they crash. You can disable this feature in Windows. This way, you can recover your data from the local disk before your files are encrypted. Click to learn how to do this.

Once the fake disk check is complete, the user is presented with a page that explains how to recover the data by paying a sum of money.

In addition to the prevention tips listed above, I would like to mention some suggestions you can use to help protect against an attack and reduce most of its impact ...

SUGGESTIONS FOR COMPANIES

1 # Apply the latest Microsoft security patches, including MS17-010, which fixes the SMB security vulnerability.

2 # Consider disabling SMBv1 to prevent the spread of malware.

3 # Warn your staff to be careful when opening attachments or clicking on links in e-mails from unknown senders.

4 # Make sure that the latest updates are installed for your endpoint anti-virus software; vendors are updating their signatures to address these vulnerabilities.

5 # Back up your files to external disks.

6 # To prevent data loss when an attack occurs, prevent others from writing data outside the designated areas of the hard disk and the network.

7 # Use a least-privilege authorization model. Reduce the number of people who have local administrator rights.
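
The two prevention tips above (local administrator rights, automatic restart after a crash) and the SMBv1 suggestion can be checked on a Windows machine with a short read-only audit. This is an added example, not part of the original post; the function name is hypothetical, the `Review` flag for administrators is a simple heuristic, and it assumes an elevated PowerShell 5.1+ session on Windows 10 or Server 2016 or later.

```powershell
# Added example: read-only audit, changes nothing on the system.
function Get-PetyaHardeningStatus {        # hypothetical function name
    $crashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

    # Tip 2: AutoReboot = 1 restarts straight after a crash, 0 stays on the stop screen.
    $autoReboot = (Get-ItemProperty -Path $crashKey -Name AutoReboot).AutoReboot
    [pscustomobject]@{
        Check  = 'Automatic restart after system failure'
        Value  = $autoReboot
        Review = ($autoReboot -ne 0)
        Fix    = "Set-ItemProperty -Path '$crashKey' -Name AutoReboot -Value 0"
    }

    # SMBv1 suggestion: is the SMB server still accepting SMBv1?
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    [pscustomobject]@{
        Check  = 'SMBv1 enabled on the SMB server'
        Value  = $smb1
        Review = [bool]$smb1
        Fix    = 'Set-SmbServerConfiguration -EnableSMB1Protocol $false'
    }

    # Tip 1: who holds local administrator rights? Looked up by the well-known SID
    # of the built-in Administrators group, so it also works on localized systems.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
    [pscustomobject]@{
        Check  = 'Members of local Administrators'
        Value  = ($admins.Name -join '; ')
        Review = ($admins.Count -gt 1)     # heuristic: more than one member needs a look
        Fix    = 'Remove-LocalGroupMember -SID S-1-5-32-544 -Member <account>'
    }
}

Get-PetyaHardeningStatus | Format-List
```

Each row with `Review = True` carries the command that would correct it in the `Fix` column; `<account>` is a placeholder for the member to remove.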

SUGGESTIONS FOR HOME USERS
1 # Ensure that automatic updates are enabled and that the latest security patches are applied.
2 # Update your antivirus software to the latest version and update the virus database.
3 # Use User Account Control to handle trusted and administrative privileges, and work as a standard user, not as an administrator.
4 # As a home user, consider using a cloud backup or online storage provider such as DropBox, Google Drive, and Microsoft OneDrive.
5 # Petya does not encrypt the files themselves; it encrypts the File Table, which is the directory of all your files stored on the hard disk drive. It is incredibly difficult to determine where the files are located without this directory.