How to Avoid Petya Ransomware Attacks?

A new ransomware namely Petya (also known as Petwrap/ NotPetya / Nyetya) is sweeping through the US and Europe rapidly.  It has attacked over 12,500 computers including large firms and public utilities, such as, banks, power utilities, and nuclear plant and more.

 

How does it work?

It was reported that the ransomware spread via phishing email and then infected other computers within local network.

Like WannaCry, the Petya targets SMB v1.0 vulnerability in Microsoft Windows. However, the Petya is more sophisticated as it uses a cocktail of powerful techniques to break into a network and from there spread from computer to computer.  It adopts Windows client-side attacks and spreads on the internet via WMIC and PSEXEC.  The infected computer will be rebooted after one hour and encrypted MFT and modified the Master Boot Record (MBR). 

 

Prevention Measures

Step 1.  Download & install individual Windows versions (click here)

Step 2.  Block TCP ports 139 and 445 on firewall or broadband router in place

Step 3.  Disable SMBv1 service (click here for steps)

Step 4.  Perform offline backup & disconnect storage device after backup

Step 5.  Install or update anti-virus software

Step 6.  Create a "Strong Password" including capital letters, lower-case letters, numbers, symbols, and at least 8 characters.

Professional Advices 

• Do not open suspicious links and attachments by Domain Controller or using Domain Administrator account.
• Acquire adequate cybersecurity protection, for instance, use Email Anti-Spam Service, enable Windows Firewall, and update Windows and anti-virus software frequently.
• Backup important documents and data regularly by using enterprise-level cloud storage service, such as ownCloud provided by UDomain.

For the latest cybersecurity services, please contact our managed security service experts at (852) 2554 7545 or service@udomain.hk.