Tips to prevent Petya/GoldenEye ransomware
 
Date: Wednesday, June 28, 2017 6:43 PM +0200
Subject: Tips to prevent Petya/GoldenEye ransomware
Dear colleagues from the Eurodesk network,
Recently there has been another outbreak of ransomware, called Petya/GoldenEye, which supposedly started in Ukraine and managed to cause huge disruptions at Ukraine's major international airport before propagating to Europe (so far, in 2 days, it has reportedly affected about 2000 computers).

Here are some tips you can use to make your computer and your organisation invulnerable to it.

1. Fix System Vulnerability
System vulnerabilities are always the target of ransomware. It's crucial to keep your system up to date. You can go to the Microsoft Official Site to download the latest patches for your older version of Windows. Whatever you do, don't stick with an outdated Windows XP doing huge Excel files in your office in 2017 :-)
Also, if an email starts its headings by threatening you that you will lose "something" if you don't do "this verification" or "patch", go through the whole suspicious game first. If it's an office file (such as Excel or Word), don't give it Macro permissions unless you trust the sender.

2. Disable WMI service
WMI runs automatically at system startup under the LocalSystem account. The service can be used by Petya to spread the ransomware.
You can follow these steps to stop the WMI service: https://msdn.microsoft.com/en-us/library/aa826517(v=vs.85).aspx
Note: If the WMI service is not running, you cannot manage, monitor, or retrieve information about the resources on the computer, especially remotely.

3. Create a Stronger Password for Your System
A strong password can help you improve the security of your system by preventing malicious programs from accessing your system easily. For example, you can mix capitalized letters, symbols and numbers in the password. If possible, keep the security settings high so the system always asks for a password when trying to run sensitive processes or new installations.

4. Close the service of SMBv1
SMBv1 is a very old, deprecated network protocol and might be attacked by Petya ransomware. You can disable it to prevent the attack. There is, though, a potential impact: file and print sharing might not work anymore on a local area network.

*Don't want to disable SMBv1? Here are the tips for you:
- Only use protected networks and do NOT share important files over SMBv1 connections
- Block inbound/outbound SMB traffic at your border firewalls
- Restrict SMB to localhost only (your own computers) via local host firewalls (for this maybe ask your IT dept.)

5. Install PC Protection Program on Your Computer
The most effortless but effective way to block ransomware is making good use of a system security tool which offers an anti-ransomware engine and real-time protection. Malwarebytes is one good choice and Spybot 2.6 is another good choice for you to detect ransomware threats in real time and protect the computer against a Petya attack - and they're both free.

6. Last but not least, if you didn't follow any of the tips (or your friends didn't and see something like this)
shut down the computer immediately and your files will be safe on the HDD - they can be recovered by a specialised IT company connecting your HDD externally, and as always:

- Educate end-users to remain vigilant when opening attachments or clicking on links from senders they do not know
- Ensure you have the latest updates installed for your anti-virus software; vendors are releasing updates to cover this exploit as samples are being analysed
- Ensure you have backup copies of your files stored on local disks. Generally, user files on local drives are replicated from a network share
- Operate a least privileged access model with employees. Restrict who has local administration access


Hope this helps you stay safe :-)

Kind regards,
kraszuk.eu
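
For tip 4, one way to check whether the SMBv1 server component is enabled on a Windows machine, see which connected clients still depend on it, and turn it off. This is an added example, not part of the original message; it assumes an elevated PowerShell prompt, and the `-Disable` switch and function names are illustrative.

```powershell
# Added example: audit and optionally disable the SMBv1 server component.
# Run elevated. Without -Disable the script only reports and changes nothing.
param([switch]$Disable)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems (Windows 7 / Server 2008 R2) use the SMB1 registry value.
    # A missing value means the default, which is "enabled".
    $v = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
    return ($null -eq $v) -or ($v.SMB1 -ne 0)
}

function Get-Smb1Clients {
    # Current inbound sessions negotiated with an SMB 1.x dialect. These are the
    # machines whose file or print sharing would break once SMBv1 is off.
    if (-not (Get-Command Get-SmbSession -ErrorAction SilentlyContinue)) { return @() }
    return @(Get-SmbSession | Where-Object { $_.Dialect -like '1.*' } |
        Select-Object ClientComputerName, ClientUserName, Dialect)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
        Write-Warning 'Restart the computer for the registry change to take effect.'
    }
}

Write-Output ("SMBv1 server enabled: {0}" -f (Get-Smb1ServerState))

$legacy = Get-Smb1Clients
if ($legacy.Count -gt 0) {
    Write-Warning "Clients currently connected over SMBv1:"
    $legacy | Format-Table -AutoSize
}

if ($Disable) {
    Disable-Smb1Server
    Write-Output ("SMBv1 server enabled after change: {0}" -f (Get-Smb1ServerState))
}
```

A session list taken at one moment only shows clients connected right then, so run the report a few times over a working day before passing `-Disable`.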