Ransomware

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Update on Petya Attack
As noted by our on-site expert, krakatoa, the current vaccine for Petya involves creating a file called perfc in the C:\Windows folder and making it read-only. No kill-switch has been discovered, only a local vaccine.
If you see the reboot notification below, your device has been infected. Turn off your device to prevent future encryption. Petya begins encrypting the device an hour after the initial infection.
[Image: petyareboot.JPG]

Expert Comment

by:Maclean
Just a random thought. If creating a read only file named perfc is the vaccine, would it also not be the preventative measure?
e.g. create it now, so if infected, nothing will be encrypted for starters?
It might not stop Petya from hitting your PC, but it might prevent finding your files encrypted potentially.

Expert Comment

by:Maclean
Never mind. I just realized that that's what a vaccine implied. Doh!

Gain the added security of knowing you are prepared and properly protected against future ransomware attacks, such as the Petya attack, with this free course! Premium members, Team Account members, and Qualified Experts have 3 days to enroll for June’s Course of the Month. Once you enroll, you have 30 days to complete the course.


Expert Comment

by:John Hurst
Because:

1. People do not update their systems still.
2. People go to dodgy sites.
3. People open emails from complete strangers.

I am in no way surprised.
Petrwrap, specifically, targets the Master File Table (MFT), which is essential for your computer to find files on the computer. By targeting the MFT, the ransomware is able to attack individual files faster than if each file were to be encrypted one-by-one. The good news is… that Petrwrap is detectable by anti-virus tools. Unfortunately, if the anti-virus scanner is delayed in catching it, Petrwrap can easily get a foothold into the computer system and spread very quickly. Moreover, the encryption is so strong that it is unlikely to be able to break through the software and recover files.
Check out our blog post on “Why Vulnerability Assessments Are Insufficient” for more information on securing your servers.


http://www.uzado.com/blog/why-vulnerability-assessments-are-insufficient
Today's ransomware attack is spreading by SMB through the local network according to Marcus, @MalwareTech, who stopped the last attack—known as WannaCry—and is working to stop this one.
[Image: malware-tech.JPG]
Post your advice or news on the currently named "Petya" attack and be sure to ask any questions by tagging the topic "ransomware" to get solutions fast!

Expert Comment

by:krakatoa
To vaccinate your computer so that you are unable to get infected with the current strain of NotPetya/Petya/Petna simply create a file called perfc in the C:\Windows folder and make it read only.

Many Firms Hit by Global Cyber Attacks - Petrwrap


Firms around the globe are reporting that they have been hit by a major cyber-attack. Some experts have suggested that it could be a ransomware attack, similar to WannaCry which hit last month. Alan Woodward, a computer scientist at Surrey University, said: "It appears to be a variant of a piece of ransomware that emerged last year."

More on this story via the BBC.

Expert Comment

by:Lucas Bishop
In the meantime, Ukraine Twitter social media account manager is handling this situation like a boss:
https://twitter.com/Ukraine/status/879706437169147906

Expert Comment

by:Experts Exchange
They have a sense of humor.

Author Comment

by:Doug Walton
Oh jeez, I didn't realize they were that bad with ads!  I have a subscription to them through amazon prime so my ad blocker doesn't have to do anything.

Expert Comment

by:Andrew Leniart
Yes, I easily tolerate a few ads on websites, but 46 on the front page?  Haha.. Next! :)

Expert Comment

by:Lucas Bishop
Evgeniy Bogachev

Expert Comment

by:Doug Walton
I think it's being referred to as "NotPetya"

Early reports from a Kaspersky researcher identified the virus as a variant of the Petya ransomware, although the company later clarified that the virus is an entirely new strain of ransomware, which it dubbed “NotPetya.”

Honda isn't alone in facing these challenges -- according to Reuters, competitors Nissan and Renault also stopped production at plants in Japan, Britain, France, Romania and India last month due to WannaCry attacks.  

This attack should serve as a reminder that even if your business wasn't hit during the initial WannaCry outbreak, you may well still be vulnerable.

More on the latest WannaCry attack and how you can mitigate future attacks here.

Expert Comment

by:Nicholas
Yawn

Expert Comment

by:Andrew Leniart
I get why the host company decided to pay the ransom to recover customer data, but it sure leaves a bad taste knowing the criminals got anything at all out of an extortion exercise like that, let alone the massive payout that was agreed on.

And what's a web host doing running a service like that without secured backups anyway? Boggles the mind..
Only 10 days left to sign up for our ransomware prevention and preparation Course of the Month for June. With a 300% increase in ransomware attacks from 2015 to 2016, it is vital to decrease your vulnerability to the next attack and enhance your security by enrolling today.





Expert Comment

by:Josh Petraglia
Signed up. What a perfect topic to cover!!!

Expert Comment

by:Nicholas
Old news and was already posted less than a day ago

Expert Comment

by:Mahima Gupta
why to pay 1 Million, if you can do the same thing in a very less bucks..  http://bit.ly/2rJTnVj
Drew Frey writes articles on cyber security and ransomware protection.  Follow him if you're interested in seeing new articles in those topics.

https://www.experts-exchange.com/members/Drew-Frey.html

Expert Comment

by:Michael Bodine
SP INFOTECH was also part of a scam...they had people calling up with foreign voices and the company name would change..as they answered the phone.. certainly unpredictable crap.

Author Comment

by:Kyle Santos
Source?
A $1 million payout in a ransomware case?! Well crap... That's worrisome. What'll the hackers do with that money? How many new attempts will this incentivize? What would you do in their place?

https://arstechnica.com/security/2017/06/web-host-agrees-to-pay-1m-after-its-hit-by-linux-targeting-ransomware/

Expert Comment

by:Maclean
Restore last good version, apologize to clients, and probably end up losing clients would be the proper thing to do.
I would assume that if it was done due to damage control, paying up would lose me more clients and face than dealing with the issue at hand best as one can. This is a terrible incentive to these types of ransomware developers. They might now target this webhost on purpose in the future.

Expert Comment

by:Nicholas
And the reality is now that this is public news they will lose all their customers anyway and probably be outta business within a month

If some hosting company can afford to pay that much money to get their data back they should have been able to employ someone for a lot less money to make sure it didn't happen in the first place
For all you people who turn Updates OFF.  Patch Tuesday today and miles of patches. BIG ones for Windows 10 and 7. Updates for XP and Servers. Hop to it.


Author Comment

by:John Hurst
There is no issue with having manual updates and checking weekly (servers).

My barb above was aimed at people who turn updates off and leave them off. Then they come in here wondering what happened.

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
most of our Windows 10 machines, are now being served with the Creator Update, and a new version of Windows, and if you wondered where your old files went, that are missing, from your User Profile, Documents....

check Windows.old\Users!

Expert Comment

by:Christ Harold
Really nice article. Thanks for sharing the link.

After the WannaCry ransomware attack, we sat down with Thomas Zucker-Scharff to get the inside information on the technology behind the attack and what steps you can take to prevent this in the future. Read more of his advice. Take a step toward your security by enrolling in our free Course of the Month covering ransomware security and prevention written by Thomas.

June’s Course of the Month has been released! Enroll in our community security expert, Thomas Zucker-Scharff's, ransomware prevention and preparation course free of charge. Learn more about the course.
The world has now had time to recover and mitigate damage from the widespread WannaCry ransomware attack. We evaluated what it has left in its wake. Tallied damage includes:
 
More than 150 countries.
Currently $111,996.86 has been paid in bitcoin so far to decrypt files.
Around 16 of England’s National Health System organizations affected, with doctors resorting to pen and paper to complete patient records.
Renault, a European auto manufacturer, kept a French plant—that employs 3500 people—closed Monday, May 28th as a “preventative” measure.
 
Learn how to secure your data and prepare against future threats by taking our June Course of the Month covering ransomware prevention and preparation.

 

Expert Comment

by:masnrock
The sad part is a common failure in projects is failing to ask users for requirements.

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
The NHS does not consider the opinion of NURSES and DOCTORS worthy!

Very Wrong, and they wonder why, they are all leaving and retiring, now leaving a brain drain in the NHS!
Every 10 seconds, a consumer gets hit with ransomware. Enroll in June’s featured Course of the Month to learn the basics of ransomware, how it works, how to prevent it, and what to do if you’ve been infected. Premium members, Team Accounts, and Qualified Experts will enjoy this free course written by our resident security expert, Thomas Zucker-Scharff. Learn more and enroll today!

When a tech company stops servicing a particular program, software, or piece of hardware, consumers still using the outdated equipment are usually left to fend off security measures, bugs, and other problems that come their way on their own.
 
During the WannaCry ransomware attack a few weeks ago, we saw an unprecedented action from Microsoft, as they stepped up to provide a patch for Microsoft XP, Windows 8, and Windows Server 2003. Microsoft XP is a program they have not supported since 2014.
 
This action to secure vulnerable devices and avoid the encryption of personal, patient, and corporate data showed the tech community that corporations care about more than the bottom line.
 
Learn more about Microsoft’s special patch release and how the tech community has responded.
 
How were you affected by WannaCry? We’d love to hear from you—share your experience online now.
There seems to be a general consensus that if you've been hit with a Ransomware Virus, especially if by a newly discovered strain of ransomware, and do not have a reliable and unaffected backup to restore from, that all hope is lost.  

This is not necessarily the case!

Whilst it's true that Ransomware is one of the most difficult "destructive infections" to recover from, recovery should never be considered impossible.

Advising those seeking help that they should just accept defeat and wipe all chances of recovering their data is bad advice. This is a point that has been proven time and time again, particularly with past Ransomware strains that were once considered hopeless, yet have now had decryption recovery tools developed to restore data.

If you have been hit by a Ransomware Virus and don't have a backup - do not accept advice that you should just cut your losses, format your hard drive and admit defeat. That's just letting the criminals win.

The first thing you should do (after deactivating the virus) is make a Full Image Backup of your affected hard drive using an imaging backup tool like Acronis, Macrium Reflect or similar so as to have a copy of all files that were encrypted.  Safely store that backup away for future recovery attempts, or to restore from if a recovery attempt goes belly up.

Once backed up, Wipe and Start fresh if desired to get back to a working …

Author Comment

by:Andrew Leniart
Security companies do have excellent heuristics and definitions,  but they will never catch everything.

No argument.  But doesn't it then naturally follow that they can never "block" or "prevent" everything either?

Using that train of thought, even with all of the security software that you have protecting your machine(s), how can you be certain that you don't have a key logger recording your key strokes right now? Or a yet unknown time bomb trojan just waiting to jump up and deliver its payload? How could any system ever be trustable?

I'm honestly not trying to be argumentative here, it's just that the logic behind your conclusion is escaping me.

If you can't trust your security software to clean up an infection that has been researched and that it knows about, then how is it that you can trust the same software to prevent a yet unrealized one from occurring?

I'll agree we probably need to disagree.  

Life would be too boring if everyone agreed on everything anyway. :)

My thanks again for your input.

Expert Comment

by:Thomas Zucker-Scharff
I guess what I meant was that no one security software is likely to catch everything.  That is why I have a multilayered approach on my machines.  But you are correct, I do not feel safe even with that.  I guess I am on the paranoid side, which begs the question, "Is one paranoid, if the fear is true?"  That is a paraphrase of the original question.

The biggest problem, IMHO, is that to secure one's computer (and still have a computer that actually works, instead of one filled with cement), one needs to put enough security software on there that it slows down even the best of computers.

I would like a product that doesn't hog resources and assures me that I will never get malware of any kind (like that is happening).