Last month the cyber world saw one of the major ransomware attacks in the world called wannacry ransomware, which affected many services throughout the world. This month, a new ransomware called Petya is spreading quickly and affecting the same way as it was before.Though the volume isn’t as big, but it can be called as considerable amount. The major affected countries are Ukraine, Spain, France, UK, India, and Europe. This ransomware is demanding $300 as a ransom to unlock the computers. I find this petya ransomware to be more dangerous-as this ransomware rewrites the master boot record(from where OS loads) and displays its own hijacking screen.
Petya, like wannacry also uses SMB exploit across systems to spread over a network. Petya doesn’t have a killswitch as well. Please note that this SMB vunerablity was fixed back in March updates as I said here
but you can disable SMBv1 to entirely close the risk. Here are the steps to disable SMBv1 in respective operating systems:
Windows 10 and Windows 8.1
You just need to disable it using Turn windows features on or off in Control Panel. Here are the steps:
- Open Control Panel> Programs and features.
- On the left pane, click Windows features on or off.
- In the new window that opens, uncheck the option SMB 1.0/CIFS File Sharing support
- Reboot your computer.
This would make sure your system wouldn’t be affected by Petya ransomware. Microsoft plans to remove SMBv1 entirely by Fall creators update.
Windows 7, the most popular OS till date doesn’t provide you an option to disable SMBv1 directly. You need to use Registry editor.
- Open registry editor by typing in regedit in run dialog box.
- Navigate to the following key:
- On the right, right click Modify and change the value to 0.
You can also use Group policy to configure SMB client as well. More information can be found on this support page.