29/06/2017
Dear Friends,
A new ransomware attack is sweeping across Europe and the US. It has infected the computer systems of numerous major corporations and financial and government institutions. The malware is a variant of Petya ransomware with the EternalBlue exploit code built in, which WannaCry utilised to propagate around organisations.
Once executed, the system’s master boot record (MBR) is overwritten by the custom boot loader, which loads a malicious kernel containing code that starts the encryption process. Once the MBR has been altered, the malware will cause the system to crash. When the computer reboots, the malicious kernel is loaded, and a screen will appear showing a fake Check Disk process.
While this fake Check Disk screen is displayed, the malware is encrypting the Master File Table (MFT) that is found on NTFS disk partitions, commonly found in most Windows operating systems.
It is when the machine is rebooted to encrypt the MFT that the real damage is done.
*** Refer to the Picture ***
Prevention Tip #1: The malware requires administrator rights to the local computer. Standard users should not have this permission. Consider restricting who has local admin rights to prevent execution of exploit code within organisations. Home users should also consider using a Standard User Account for day-to-day operations.
Prevention Tip #2: Some Windows systems are configured to automatically reboot if they crash. You can disable this feature in Windows. If you can prevent the MFT from being encrypted, you can still recover your data from your local disk.
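As an added example (not part of the original advisory), the PowerShell below reports the two settings that Tips #1 and #2 refer to, local administrator membership and the automatic-restart-on-crash setting, and can switch the latter off. The function name is hypothetical, and it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example, not from the original advisory. The function name is hypothetical.
# Requires Windows PowerShell 5.1+; -Fix needs an elevated session.
function Get-RebootAndAdminExposure {
    param([switch]$Fix)   # -Fix turns automatic restart off

    $crashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

    # Tip #1: is this session running with administrator rights?
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Tip #1: who is in the local Administrators group? The well-known SID
    # S-1-5-32-544 is used so the lookup also works on non-English Windows.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { '{0} ({1})' -f $_.Name, $_.ObjectClass }

    # Tip #2: AutoReboot = 1 means Windows restarts by itself after a crash.
    $value = (Get-ItemProperty -Path $crashKey -Name AutoReboot `
        -ErrorAction SilentlyContinue).AutoReboot

    if ($Fix -and $value -ne 0) {
        if (-not $elevated) { throw 'Run from an elevated session to use -Fix.' }
        Set-ItemProperty -Path $crashKey -Name AutoReboot -Value 0 -Type DWord
        $value = (Get-ItemProperty -Path $crashKey -Name AutoReboot).AutoReboot
    }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        CurrentUser       = $identity.Name
        RunningElevated   = $elevated
        AutoRebootOnCrash = if ($null -eq $value) { 'NotSet' } else { [bool]$value }
        LocalAdmins       = $admins
    }
}

Get-RebootAndAdminExposure          # report only
# Get-RebootAndAdminExposure -Fix   # report and disable automatic restart
```

With automatic restart off, a machine that crashes stays on the stop screen and can be powered off before the reboot described above takes place.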
Additional Tips for prevention
1. Never download freeware or files from untrusted sources as they might be infected.
2. Always scan removable devices before using them.
3. Regularly scan your PC to detect Ransomware as well as other related threats.
4. Always keep your Windows Operating System updated.
5. Browser’s security settings should be activated and set to medium level.
6. Avoid installing ActiveX controls as they are somewhat prone to Ransomware.
7. Never install potentially unwanted programs on your PC.
8. Always carefully read “License and Agreement” before installing any freeware.
9. Turn on the firewall and other security settings for better PC protection.
10. Do not click on suspicious links.
11. Avoid getting carried away by unrealistic deals and offers as they can be a trick.
12. Never respond to unknown mails and messages.
Be secure, be safe and contact IT if you are concerned.
Kind Regards,