The Information Security Bureau of the Ministry of Information and Communications (TT&TT) has just officially issued a written warning and guidance to agencies, organizations and enterprises on measures to minimize the risk from Petya, a data-encrypting extortion virus and a new ransomware variant.
How to avoid the data-encrypting extortion virus
The alert states that data-encrypting extortion malware (ransomware) has caused considerable damage to many organizations and businesses since it first appeared. After the WannaCry attack in May 2017, on 27/6/2017 the new data-encrypting extortion virus Petya went on to affect many countries around the world.
The Petya virus (also called Petwrap) does not only exploit and spread through the MS17-010 vulnerability. It can also infect computers that have already patched this vulnerability, by way of the WMIC tool (a tool built into Windows that allows access to and configuration of Windows machines), the PsExec tool (a tool that allows access to a remote Windows computer over the SMB service without the user's knowledge) and the CVE-2017-0199 vulnerability (a vulnerability in WordPad/Microsoft Office that allows hackers to seize control of the system).
“Petya is very different from other ransomware variants. When it infects a computer, Petya does not encrypt individual files but instead encrypts the Master File Table (MFT, which contains information about all the files and folders on the partition) and replaces the computer's Master Boot Record with a malicious file that displays the ransom information. As a result, users will not be able to boot their computers once infected with this malicious code”, the text from the Information Security Bureau of the Ministry of Information and Communications stated.
To minimize the risk from the Petya malware, the Information Security Bureau of the Ministry of Information and Communications advised agencies and organizations to strengthen their information security measures. In particular, agencies, units and enterprises are required to check and make sure the computers in their networks have the security patches installed, especially those for MS17-010 and CVE-2017-0199; block all connections related to the SMB service (ports 445/137/138/139) from the Internet; and disable WMIC (Windows Management Instrumentation Command-line).
At the same time, the Bureau advised agencies, organizations and enterprises not to visit unfamiliar links; to be highly vigilant when opening e-mail attachments; to back up important data regularly to separate storage devices; to keep antivirus software updated; to turn off the SMB service on all computers on the LAN (if it is not needed); and to create a file “C:\Windows\perfc” to prevent infection by the ransomware. “This is the file the malicious code checks for before performing malicious behavior on the computer”, the Bureau said.
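The host-level items in the advisory (the marker file, the SMB service and the SMB/NetBIOS ports) can be audited per machine. The following PowerShell is an added example, not part of the advisory or of the original article; the function name `Test-PetyaMitigation` and its parameters are hypothetical, and it assumes an elevated prompt on Windows 8 / Server 2012 or later, where the networking cmdlets exist.

```powershell
# Added example: audits one Windows host against the advisory's host-level checks.
# Function and parameter names are hypothetical; run from an elevated prompt.
function Test-PetyaMitigation {
    [CmdletBinding()]
    param(
        [string]$MarkerPath = 'C:\Windows\perfc',   # path quoted in the advisory
        [switch]$CreateMarker                        # create the file if it is missing
    )

    # 1. Marker file the advisory says the malware checks for before acting.
    if ($CreateMarker -and -not (Test-Path -LiteralPath $MarkerPath)) {
        New-Item -ItemType File -Path $MarkerPath | Out-Null
        # Assumption: read-only makes accidental overwrite or deletion less likely.
        Set-ItemProperty -LiteralPath $MarkerPath -Name IsReadOnly -Value $true
    }
    $marker = Get-Item -LiteralPath $MarkerPath -ErrorAction SilentlyContinue

    # 2. SMB server service ("turn off the SMB service ... if it is not needed").
    $smbService = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue

    # 3. SMBv1 server setting, where the cmdlet is available.
    $smb1 = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    # 4. Local listeners on the SMB/NetBIOS ports named in the advisory.
    $tcp = @(Get-NetTCPConnection -State Listen -LocalPort 445, 139 -ErrorAction SilentlyContinue)
    $udp = @(Get-NetUDPEndpoint -LocalPort 137, 138 -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        MarkerPresent    = [bool]$marker
        MarkerReadOnly   = [bool]($marker -and $marker.IsReadOnly)
        SmbServiceStatus = if ($smbService) { $smbService.Status } else { 'NotFound' }
        Smb1Enabled      = $smb1
        ListeningTcp     = @($tcp | ForEach-Object { $_.LocalPort } | Sort-Object -Unique)
        ListeningUdp     = @($udp | ForEach-Object { $_.LocalPort } | Sort-Object -Unique)
    }
}

# Report only; add -CreateMarker to also create the marker file.
Test-PetyaMitigation | Format-List
```

A listener reported here only shows that the port is open on the host; whether it is reachable from the Internet depends on the perimeter firewall, which has to be checked separately.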
Where necessary, agencies, organizations and enterprises can contact the Information Security Bureau of the Ministry of Information and Communications (phone: 04.3943.6684, e-mail [email protected]) for coordination and support.