Petya NonPetya – protection steps

A few simple steps to protect your system from Petya-NonPetya (more, more, more )or possibly similar malware.

Kasperksy Lab webinar, 2 days after attack : slides.

Disable SMB v1 , additionally uninstall it.

Install Cisco MBR Filter

Step for experienced users – it will block access to MBR manipulation for that and future malware:
www.talosintelligence.com/mbrfilter
Uninstall info : github.com/Cisco-Talos/MBRFilter

Optionally – install free Kaspersky Anti Ransomware Tool :
But I’m not using it personally
go.kaspersky.com/Anti-ransomware-tool.html

Block perfc.dat and PSexec

with Windows 10 AppLocker
I’ve blocked PSExec by file hash block (it works, tested), and perfc.dat by file path with wildcard, I’m not sure it should be Windows/.. ir AppData/… .

 

 

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s