Windows Desktop & Server
Discussion of issues about Windows desktop and server OS.
The NotPetya Ransomware (also known as Petna, and SortaPetya) is spreading around the globe very quickly. It only affects Windows computers via two vulnerabilities – one in Office (CVE-2017-0199) and the same one in SMBv1 that WannaCry used. If you patched your system for WannaCry (or keep your computer up-to-date) then you will slow but not necessarily stop the infection. The malware encrypts your files and demands a ransom to provide the decryption key. Unfortunately, the email box used to correspond with the malware author is now off-line.
Security researchers have found a way to prevent the encryption by creating three files and making them read only. For more information, see this article on the Bleeping Computer web site.
Since this is a very recent attack, security researchers are still trying to discover what mechanisms are involved. Some anti-virus software has been updated to protect your computer but not all, yet.
UPDATE: for a good summary see this The Register article.
You must be logged in to reply to this topic.