
Petya/GoldenEye Ransomware outbreak alert! Here’s how to protect your PC!

by Super Daddy, June 29, 2017

Ransomware is a serious threat, and by the time you realise its seriousness it may already be too late. Previously, the WannaCry outbreak hit record heights in the number of computers compromised. While the aftermath has yet to be fully recovered from, a new massive ransomware cyberattack called Petya/GoldenEye has been spreading worldwide.

What is Petya/GoldenEye and how bad is it compared to WannaCry?

The two malwares are similar in some respects but vastly different in others. Petya, like WannaCry, uses the EternalBlue exploit to infect Windows machines, especially older and unpatched ones. Once infected, your files are encrypted and the attackers demand a ransom, paid in bitcoin, to release the keys. Whether you actually get the key or not is another matter, of course. What is even more dangerous here is that while WannaCry encrypted files one by one, Petya damages the whole drive and even stops you from entering the system altogether.

The indications that your system is about to be hit by Petya look very much like things you see every day. First, a BSOD (Blue Screen of Death) is the signal; then your computer is forcibly rebooted, and during that reboot the encryption process is completed. You might end up ignoring this because the process looks very similar to Windows running a scan and repair process, except that this time the reboot ends in a nightmare.


Seems legit, right?

Once the reboot is completed, your computer will be fully encrypted, and a note pops up requesting that you pay the ransom, as shown below:


At this stage, you’re done! There’s nothing you can do

Once you reach this screen, your hard drive is fully encrypted and there is nothing you can do about it. Paying the hackers is the last thing I would ever do, because there is no guarantee that you will get the keys in return. One last try that is worth giving a shot is here.

This is why prevention is better than cure. But the BIG question here is:

How do I prevent Petya/GoldenEye Attacks?

The first thing to do: if you notice an odd BSOD that then leads to a shutting-down screen like the one above, don't wait for it to complete; reset your desktop immediately. Don't press any key whatsoever. Just hit the hard reset button on your desktop and reset!

To avoid it from happening in the first place, here are some precautions that you can take:

  1. Fix Windows System Vulnerability
    This goes without saying. If you have been thinking that it is OK to use a cracked Windows OS, and that updates don't really matter to you, you are highly likely to be among the earliest victims. These ransomware attackers are always on the lookout for vulnerable systems above anything else, so updating your OS is as important as changing your underwear daily. You can download the patches related to Petya/GoldenEye from Microsoft's official site if you want to speed things up.
  2. Stop or disable Windows Management Instrumentation (WMI) Service
    WMI is a process that you will see running under the LocalSystem account in your Windows OS process list. It is one of the possible gateways for Petya/GoldenEye to enter your system. If you would like to stop or disable this service, check out this article on Microsoft's website: Disable WMI Service on Windows

    Take note that once you disable WMI, you will no longer be able to manage information about your computer's resources, especially from a remote location.
  3. Create a strong password
    This one goes without saying. Your login password should never be easy to guess. Take note that these hackers have access to plenty of botnets and zombie computers, which can deliver massive horsepower for brute-force attacks. Easy and common passwords will be compromised more quickly. You do not actually need a very complicated password that you can't remember. Use an 8-character password with a mix of capital letters, small letters, numbers, symbols and spaces and you're good to go.
  4. Shutdown SMBv1 service
    SMBv1 is now a deprecated network protocol and should not be used anymore. It is enabled by default to provide network file and printer sharing. It is recommended to disable it, as this is the main gateway through which both WannaCry and Petya/GoldenEye spread. Follow the steps at the end of this article to disable SMBv1. If you do not want to disable SMBv1:

    • Use a protected network and do not share private or important files over SMBv1 connections
    • Block inbound/outbound SMB traffic at your firewall (port 445)
    • Restrict SMB to localhost only via hosts file and firewall
  5. Install protection for your PC
    One of the best and quickest ways to defend yourself from a massive outbreak is by installing a good security tool that offers an anti-ransomware engine and real-time protection. I highly recommend IObit Malware Fighter 5, as it's one of the best and quickest real-time protection tools that you can get for your desktop; and it's FREE too.
  6. Backup, Backup and BACKUP
    In any case, if you are hit by Petya/GoldenEye or any other malware, the quickest and easiest way to recover a production system is to restore your clean backups. If you have not been doing this, then you need to seriously consider it before it's too late!


How to Disable SMBv1 Service

Remember, disabling SMBv1 will disable your file and print sharing services on your local network.

Step 1: Go to your Windows Control Panel and select "Programs and Features"


Step 2: Select “Turn Windows features on or off” from the sidebar


Step 3: Look for "SMB 1.0/CIFS File Sharing Support". It is checked by default. Uncheck it and click OK


Step 4: Restart your PC and you’re done.
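If you would rather script the SMBv1, firewall and WMI precautions than click through the Control Panel, the following PowerShell does the same job. It is an added example written for this article, not the author's own code or a Microsoft script, and it assumes an elevated PowerShell session on Windows 8.1/10 or Server 2012 R2 and later, where the DISM, SmbShare, NetSecurity and service cmdlets it uses exist.

```powershell
# Added example (not from the original post): audit and apply the SMBv1, firewall
# and WMI precautions from PowerShell instead of the Control Panel.
# Assumes an elevated session on Windows 8.1/10 or Server 2012 R2+, where the
# DISM, SmbShare, NetSecurity and service cmdlets used here exist.
#Requires -RunAsAdministrator

# --- Report the current SMBv1 state before changing anything -----------------
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
$server  = Get-SmbServerConfiguration
Write-Host "SMB1 optional feature : $($feature.State)"
Write-Host "SMB1 server protocol  : $($server.EnableSMB1Protocol)"

# --- Disable SMBv1 (same effect as unchecking "SMB 1.0/CIFS File Sharing Support")
if ($feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}
if ($server.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# --- Block SMB (TCP 445) at the host firewall in both directions ---------------
# Inbound rules match on the local port, outbound rules on the remote port.
# Caveat: the outbound rule also stops this PC from reaching any file share.
$rules = @(
    @{ Name = 'Block inbound SMB 445 (ransomware hardening)';  Direction = 'Inbound';  Port = @{ LocalPort  = 445 } },
    @{ Name = 'Block outbound SMB 445 (ransomware hardening)'; Direction = 'Outbound'; Port = @{ RemotePort = 445 } }
)
foreach ($r in $rules) {
    # Only create the rule if one with this display name is not already present.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        $portArgs = $r.Port
        New-NetFirewallRule -DisplayName $r.Name -Direction $r.Direction -Protocol TCP `
            -Action Block -Profile Any @portArgs | Out-Null
    }
}

# --- Optional: stop and disable WMI (precaution 2) ----------------------------
# Left commented out because remote management and many admin tools depend on it.
# Stop-Service -Name Winmgmt -Force
# Set-Service  -Name Winmgmt -StartupType Disabled

Write-Host "Done. Restart the PC to complete SMBv1 removal."
```

Run it once before the reboot to see the current state, and again afterwards to confirm the feature reports Disabled and the two firewall rules exist.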

About The Author
Super Daddy
Proof that the real fun does not actually end, but rather begins, when you become a daddy. Enterprise Application Co-ordinator, Web Developer, Hardware Enthusiast, Gadgets lover, Android Evangelist, Desktop and Consoles Gamer, Metal Music Guitarist, Audiophile, Networking Freak, Radio Controlled Toys rat, Ferrari Crazy and above all - a daddy in every kid's dream.
2 Comments
  • July 21, 2017 at 12:14 am

    You should send this news to the Managed IT Support companies all around the world, because only we can ensure that all security features on the public's laptops get updated without any mistakes. Regardless of how accurately an average person follows your advice, space for minor flaws still remains, which is enough to harm the security of the whole network. Comparatively, professionals at Managed IT Support grounds will always master the procedure to make sure that nothing can go wrong at any level.

    • July 21, 2017 at 4:41 pm

      Thanks for the insight, Khaled. That was the reason why we wrote this article. In case you know any Managed IT Support personnel, feel free to share it with them too :)
