Recently, a new strain of ransomware attack broke out. Many organizations in Europe and the US have been crippled by the new ransomware called Petya/GoldenEye. It spreads rapidly across the world and is expanding the infection. Here’s what you need to know about Petya/GoldenEye and how to prevent the attack:
What Is Petya/GoldenEye?
Similar to WannaCry, Petya uses the Eternal Blue exploit to infect Windows devices, especially older Windows systems. Not like WannaCry which encrypts the files one by one, Petya is much more dangerous that can damage the whole hard drive, even stop you entering your system.
How Does Petya Attack Work?
While Petya is trying to infect a computer, Blue Screen of Death can be a signal, then the system will reboot by force to finish the encryption. This can be ignored easily as the process looks like Windows scanning and repairing the system itself. Once the reboot finished, the computer is encrypted and a note will pop up to alert the user to pay the ransom.
How to Prevent Petya/GoldenEye Attacks?
Ransomware attack can be a real disaster as it threatens your important files and money. So you need to keep alert to any suspicious action on your computer. Once you get this popup below, you should shut down your PC immediately in case of infecting Petya.
Here you are the tips to prevent Petya/GoldenEye:
- Fix System Vulnerability
System vulnerability is always the target of ransomware. It’s crucial to keep your system up-to-date. Or you can go to Microsoft Official Site to download the latest patches for your older version Windows.
- Disable WMI service
WMI runs automatically at system startup under the LocalSystem account. The service can be used by Petya to spread the ransomware.
You can follow the steps to stop WMI service: https://msdn.microsoft.com/en-us/library/aa826517(v=vs.85).aspx
Note: If WMI service is not running, you cannot manage, monitor, or retrieve information about the resources on the computer, especially remotely.
- Create a Stronger Password for Your System
A strong password can help you improve the security of your system by prevent malicious programs from accessing your system easily. For example, you can mix the password with capitalized letters, symbols and numbers.
- Close the service of SMBv1
SMBv1 is a very old deprecated network protocol and might be attacked by Petya ransomware. You can probably disable it to prevent the attack. But there’s a potential impact that file and print sharing won’t works anymore on a local area network.
Follow the steps to stop SMBv1: http://www.iobit.com/en/tips-how-to-prevent-wannacry-attacks-80.php
Don’t want to disable SMBv1? Here are the tips for you:
Only use protected networks and do NOT share important files over SMBv1 connections Block inbound/outbound SMB traffic at your border firewalls Restrict SMB to only localhost (your own computers) via local host firewalls
- Install PC Protection Program on Your Computer
The most effortless but effective way to block ransomware is making good use of a system security tool which offers anti-ransomware engine and real-time protection. IObit Malware Fighter 5 is one good choice for you to detect ransomware threats in real-time and protect the computer against Petya attack.
Get total protection to proactively prevent ransomware attacks like Petya/GoldenEye:
- Backup Your Important Files
To avoid losing your important files, especially encrypted by Ransomware, it’s better for you to develop the good habit to make a back-up regularly and properly.