Petya NonPetya – protection steps

A few simple steps to protect your system from Petya-NonPetya (more, more, more )or possibly similar malware.

Kasperksy Lab webinar, 2 days after attack : slides.

Disable SMB v1 , additionally uninstall it.

Install Cisco MBR Filter

Step for experienced users – it will block access to MBR manipulation for that and future malware:
Uninstall info :

Optionally – install free Kaspersky Anti Ransomware Tool :
But I’m not using it personally

Block perfc.dat and PSexec

with Windows 10 AppLocker
I’ve blocked PSExec by file hash block (it works, tested), and perfc.dat by file path with wildcard, I’m not sure it should be Windows/.. ir AppData/… .







Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s