
    Petya Outbreak Stoppage Expected As Microsoft Cracks The Petya Mystery

By Vikram Singh Rao, December 12, 2018

Microsoft has partly solved the mystery behind one of WannaCrypt's successors.

Petya, or what some researchers are calling NotPetya, is a ransomware that came into the spotlight after it hit Ukraine and several other European countries. It has been compared with WannaCry in terms of damage, although so far its attack footprint has been smaller.

In a blog post, Microsoft has revealed how the Petya ransomware works. Contrary to what security firms had believed, Microsoft says it has "good evidence" that a software supply chain attack was used to propagate the malware.

    Microsoft has quoted the malware initiation process as:

    “Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process. As we highlighted previously, software supply chain attacks are a recent dangerous trend with attackers, and it requires advanced defense.

    We observed telemetry showing the MEDoc software updater process (EzVit.exe) executing a malicious command-line matching this exact attack pattern on Tuesday, June 27 around 10:30 a.m. GMT.”

    and its propagation inside the LAN as:

“Once the ransomware has valid credentials, it scans the local network to establish valid connections on ports tcp/139 and tcp/445. A special behavior is reserved for Domain Controllers or servers: this ransomware attempts to call DhcpEnumSubnets() to enumerate DHCP subnets and all hosts on all DHCP subnets before scanning for tcp/139 and tcp/445 services. If it gets a response, the malware attempts to copy a binary on the remote machine using regular file-transfer functionalities with the stolen credentials.”

    A soft reminder to our readers:

As referenced in our previous articles, EternalBlue is a leaked NSA tool that exploits the outdated SMBv1 protocol to spread. This tool is being used by all the current and emerging ransomware families. So it is advisable to disable SMBv1 on your system(s) as soon as possible.

How to protect yourself:

1. First of all, disable SMBv1.
2. Patch your system(s) against EternalBlue.
3. Use Amit Serper's kill switch: "create a new file named perfc in the C:\Windows directory without any extension".
   Note that this is a temporary fix which will work only until the attackers modify the malware code.
4. Stay informed on the internet to stay safe on the internet.
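The three technical steps above, as an added PowerShell audit-and-remediate script (this is not from the article or from Microsoft). It assumes an elevated prompt on Windows 8.1 / Server 2012 R2 or later (where Get-SmbServerConfiguration exists), and the MS17-010 KB list is a placeholder you must fill in for your OS build, since the article does not name the KB ids.

```powershell
# Added example, not the article's own code. Run elevated. Without -Remediate it only reports.
param(
    [switch]$Remediate,
    # PLACEHOLDER: replace with the MS17-010 KB id(s) for your OS build (they differ per OS).
    [string[]]$Ms17010Kbs = @('KB_PLACEHOLDER')
)

function Test-Smb1Enabled {
    # Is the SMBv1 server protocol still being served on this host?
    $cfg = Get-SmbServerConfiguration
    return [bool]$cfg.EnableSMB1Protocol
}

function Disable-Smb1 {
    # Step 1: stop serving SMBv1 (takes effect for new sessions immediately).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Also remove the optional feature where it exists (Windows 10 / Server 2016+); ignore if absent.
    try {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction Stop | Out-Null
    } catch { }
}

function Test-Ms17010Installed {
    # Step 2: MS17-010 is the EternalBlue fix; match any of the supplied KB ids against installed hotfixes.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $Ms17010Kbs) { if ($installed -contains $kb) { return $true } }
    return $false
}

function Set-PerfcKillSwitch {
    # Step 3: the extension-less file the article quotes, made read-only so it is not trivially overwritten.
    $path = Join-Path $env:SystemRoot 'perfc'
    if (-not (Test-Path $path)) { New-Item -Path $path -ItemType File | Out-Null }
    Set-ItemProperty -Path $path -Name IsReadOnly -Value $true
    return $path
}

$smb1    = Test-Smb1Enabled
$patched = Test-Ms17010Installed
$perfc   = Test-Path (Join-Path $env:SystemRoot 'perfc')
Write-Host "SMBv1 enabled : $smb1"
Write-Host "MS17-010 found: $patched (checked KBs: $($Ms17010Kbs -join ', '))"
Write-Host "perfc present : $perfc"

if ($Remediate) {
    if ($smb1)         { Disable-Smb1; Write-Host 'SMBv1 disabled' }
    if (-not $perfc)   { Write-Host "created $(Set-PerfcKillSwitch)" }
    if (-not $patched) { Write-Host 'Install MS17-010 via Windows Update; this script does not download patches.' }
}
```

Run it once without -Remediate to see the host's state, then with -Remediate to apply steps 1 and 3; step 2 still has to come from Windows Update.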

    © 2013 - 2025 Technotification | All rights reserved.