Friday, June 30, 2017

Prevent Petya/Petwrap/NotPetya Ransomware Attack

This week, new ransomware called Petrwrap (NotPetya) attacked Windows PC across the globe today. It locks hard drive MFT and MBR sections and preventing computers from booting. Unless victims opted to pay hacker $300 by BitCoin (which is not recommended), there was no way to recover their systems.


Unfortunately Amit Serper (a security expert) has found a way to prevent the Petya(NotPetya/SortaPetya/Petna) ransomware from infecting computers. The solution is create C:\Windows\perfc file and make it read only. This batch file can help you for quickly: https://github.com/vnheros/utilscripts/blob/master/nopetyavac.bat. It also creates perfc.dat and perfc.dll for more secure. Let run it with Administrator right:




Here are emails which are used to send infected attached files (don't open email when receiving from theses emails):
  • wowsmith123456@posteo.net
  • iva76y3pr@outlook.com
  • carmellar4hegp@outlook.com
  • amanda44i8sq@outlook.com
Another required actions are:
  • Let update your Windows, especially patches for MS17-010, CVE 2017-0199.
  • Disable SMB port: 445/137/138/139
  • Remove WMIC (Windows Management Instrumentation Command-line) tool
Hope you are safe after this attack storm!
Subscribe to RSS Feed Follow me on Twitter!