If you have not done so already, you should immediately install the MS17-010 patch from Microsoft.

If you are technically able to, we recommend you block network access to port 445 on your Windows workstations. You may also want to monitor traffic to that port if you are a security professional.

Keep an eye on the Microsoft Security Response Center where they will hopefully release formal guidance soon.

Update June 28 3:19pm PST: A Vaccine has been Found

In the past couple of hours researchers have found a ‘vaccine’ against having your files encrypted by this new variant of Petya. They discovered that if a file exists, the encryption routine will not run.

Amit Serper who found this had their findings confirmed by other security researchers.

To vaccinate a machine against this ransomware, simply create a file called perfc in the C:\Windows folder and mark it read only. The following batch file courtesy of BleepingComputer will do the job for you:

https://download.bleepingcomputer.com/bats/nopetyavac.bat

This post in BleepingComputer also includes instructions on how to create the file manually if you would prefer to do that. Once this file is created, the encryption routine for this specific ransomware variant will not run and encrypt your files.



Sunday, July 2, 2017







« Back