Decryptor Key For Petya Ransomware Released July 25th 2017

The great news is that Malwarebytes Labs (July 25th 2017) announced a decryptor for the older members of the Petya family: Red Petya, Green Petya and Goldeneye. If you have one of those, the Malwarebytes Labs post explains how to obtain a key to unlock your computer, and their guide to identifying which version of Petya you have picked up will tell you whether you qualify. Even for the uninitiated there are step-by-step instructions on how to use the decryptor. One caveat: the decryptor does not cover the June 2017 "NotPetya" outbreak, whose disk encryption cannot be reversed even by its authors, so for that one a backup is the only way back.

An Ounce of Prevention Is Worth A Pound Of Cure

To avoid being a victim in the first place:

  1. Run all Microsoft Updates and back up your computer regularly. You can set updates to run while you are asleep. In Windows 10, go to Settings > Update & Security; you will see your update status there, and "Active hours" lets you pick when restarts may happen. In Windows 8.1, go to Settings > Change PC Settings > Update and recovery. In Windows 7, go to Control Panel > Windows Update. Turn on File History as well (Settings > Update & Security > Backup in Windows 10).

  2. If you receive an email from someone you don't know: DON'T OPEN IT. DON'T CLICK A LINK. DON'T DOWNLOAD AN ATTACHMENT.

  3. Disable macros in Word. DO NOT enable macros because an email asks you to, especially for attachments with names like case number.doc, e-ticket_79010838.doc or fax_msg896-599-5459.doc. Click here for the complete list.

  4. Click on the following links to read about securing your computer and phone when you use Facebook, Twitter(most recently targeted by Russia), Skype or any social media.

  5. Apple devices are not immune to hacking. There is now malware that targets iPhones and Macs, so make sure you download the latest update (iOS 10.3.3) immediately.

  6. Take care when using public Wi-Fi. One of the most serious new threats (Inexsmar, 7/23/17) involves hackers targeting hotel Wi-Fi. Distributed by a group called DarkHotel, it is a multi-stage trojan that covers its own tracks. Another step in the evolution of malware.

  7. Make sure you have a security suite and that Real-Time Protection (on-access scanning) is turned on in your antivirus.

  8. To read Sophos' free, complete rundown of what ransomware is and the best ways to protect yourself, click here.

  9. DON'T pay! You'll encourage more attacks, and the chances are lottery-slim that you'll get your computer unlocked. Even if you do, that does not rule out the chance that you are still infected and being used as part of a botnet.

  10. Log in to your computer using an account that DOES NOT have administrative privileges. If your account has limited privileges, so will any malware you run. Only log in as admin when you need to.

  11. Kaspersky Lab has a free anti-ransomware tool for business.

  12. If you are not sure about the safety of a site, paste its URL into Google's Safe Browsing site status search and check out their malware dashboard. (This doesn't always work, but it's worth a shot.)
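Several of the items above (updates, macros, real-time protection, a non-admin account, File History) can be checked in one go rather than by clicking through dialogs. The script below is an added example, not code from the original post: a read-only PowerShell audit for Windows 8.1/10 that reports each setting and changes nothing. Two paths in it are assumptions: the Office "16.0" registry key (Office 2016/365) and the File History configuration folder under %LOCALAPPDATA%.

```powershell
# Added example, not part of the original post: a read-only audit of the
# protections in the list above, for Windows 8.1 / Windows 10 with Windows
# PowerShell 5. It changes nothing; it only reports. Two paths are
# assumptions: the Office "16.0" registry key (Office 2016/365) and the
# File History configuration folder under %LOCALAPPDATA%.

$report = [ordered]@{}

# Item 10: are we running elevated? Day-to-day work should say False.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$report['RunningElevated'] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# SMBv1 is the protocol the WannaCry / NotPetya exploit abuses; it should be
# off even on a patched machine. This cmdlet needs an elevated prompt on
# most builds, hence the catch.
try {
    $smb = Get-SmbServerConfiguration -ErrorAction Stop
    $report['SMB1Enabled'] = $smb.EnableSMB1Protocol
} catch {
    $report['SMB1Enabled'] = 'unknown (run from an elevated prompt)'
}

# Item 1: when did Windows Update last install anything? On Windows 10 the
# MS17-010 fix is rolled into every later cumulative update, so a recent
# date here is the practical check; a month or more is a red flag.
$lastFix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
$report['LastUpdateInstalled'] = if ($lastFix) { $lastFix.InstalledOn.ToShortDateString() } else { 'none found' }

# Item 7: Defender real-time protection and signature age. If a third-party
# suite is installed, Defender steps aside and this reads False by design;
# confirm the other product's on-access scanning instead.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $report['DefenderRealTime'] = $mp.RealTimeProtectionEnabled
    $report['SignatureAgeDays'] = $mp.AntivirusSignatureAge
} catch {
    $report['DefenderRealTime'] = 'Defender cmdlets unavailable'
}

# Item 3: Word macro setting. VBAWarnings values: 1 = enable all,
# 2 = disable with notification (the default prompt that phishing documents
# talk you through), 3 = disable except digitally signed, 4 = disable all
# with no notification. 3 or 4 is what you want. A policy value (set by
# Group Policy) overrides the per-user value, so it is checked first.
$policyKey = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security'  # assumed path
$userKey   = 'HKCU:\Software\Microsoft\Office\16.0\Word\Security'           # assumed path
$vba = (Get-ItemProperty -Path $policyKey -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
if ($null -eq $vba) {
    $vba = (Get-ItemProperty -Path $userKey -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
}
$report['WordVBAWarnings'] = if ($null -eq $vba) { 'not set (default 2: prompt)' } else { $vba }

# Item 1 / backups: File History writes its configuration here once it has
# been enabled (assumed path). No file means it has never been turned on.
$fhConfig = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\FileHistory\Configuration\Config1.xml'
$report['FileHistoryConfigured'] = Test-Path $fhConfig

# Print the findings as a two-column table.
$report.GetEnumerator() | ForEach-Object { '{0,-24} {1}' -f $_.Key, $_.Value }
```

Run it first from an ordinary (non-elevated) prompt; "RunningElevated" should read False there, and the SMB line will say "unknown". Run it once more from an elevated prompt to fill in the SMB check. On Windows 7 the SMB and Defender cmdlets do not exist and those rows will report as unavailable; the remaining checks still work.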

Even if you take all the above precautions, I encourage you to back up. It is the safest thing you can do. Regardless of the security solution, we are the weakest link: we use overly simplistic passwords with no special characters (Sony), or reuse the same password for work and personal email. And who hasn't clicked on something they should not have? Backing up may be as simple as turning on File History (Settings > Update & Security > Backup) or choosing from PC Mag's Best Backup Software of 2017. The options for a safe restore are much easier with the Creators Update.

The current cyber threat, GOLDENEYE/PETYA (Petya/NotPetya), a wiper dressed up as ransomware, does not contain the kill switch that WannaCry (also known as WannaCrypt) did, but it spreads using the same Windows SMB exploit, which is closed by running the MS17-010 patch. It also moves around inside a network using stolen administrator credentials, so a fully patched machine can still be hit from an infected neighbour that holds the right passwords; that is one more reason to work from a non-administrator account. Whereas WannaCry was built to exploit weaknesses in Windows 7 and earlier versions (XP etc.), the current threat, Goldeneye/Petya, is an ongoing threat for all users. The criminals have not been caught, but the Ukrainian company that helped foster the spread of the malware by running outdated and insecure software may face criminal charges: the malware was pushed out through the update mechanism of that company's accounting software, disguised as a legitimate update.

Many claim it was made to destroy, not to make money, leading some to think it was an attack by one nation state on another. The target seems once again to be Ukraine, which suffered about 60% of the infections (let's see who attacked Ukraine before… hmm). The other casualties now include FedEx's Dutch subsidiary (TNT Express) and FedEx's domestic (U.S.) operations. FedEx, which also suffered losses from WannaCry, will recover but expects its losses to be significant. Other collateral damage: San Francisco's public radio and TV station KQED has been paralyzed for over a month by a ransomware attack that encrypted thousands of files. A bit like being hit by fallout from a nuclear test?

Why haven't the offenders been caught? There is now very sophisticated software that hides the bad guys. The good guys catch up and the bad guys find a way around it. Malware can be downloaded to a computer and remain dormant for months until an action by its host triggers it. Some strains even hide in a machine's firmware, below the operating system. But let me be clear: Microsoft put out the patch in mid-March, almost two months before the WannaCry attack in May. So we must shoulder some of the blame for the current epidemic.

Graph of ransomware attacks, courtesy of Microsoft

The new Windows Creators Update, when and if you decide to get it, provides a much improved built-in Windows Defender Security Center and a more secure, more capable Microsoft Edge browser. Updating changes too: instead of large cumulative downloads that took a while to fetch and install, Microsoft now sends smaller, more frequent differential updates that carry only what changed since your last one, which is easier for your PC to digest. The biggest security feature is container-based isolation, which runs the browser in its own lightweight virtual machine: a malicious site stays confined to that container, cannot reach the rest of your system, and is thrown away with the container when you close it. This goes beyond traditional "sandboxing", because some malware was found to detect or wait out a sandbox and then do its mischief. This feature, Windows Defender Application Guard, arrives this fall in the second Creators Update ("Redstone 3", the Fall Creators Update), initially for the Enterprise edition.

How to use all the newest features in The Creators Update to protect your computer

Let me be clear: The Creators Update is not perfect yet. What update is?

In the United States the money to move to a newer OS like Windows 7 or Windows 10 (a free upgrade for most) is not at issue. In some countries the money for a legitimate copy of the software often is, as a Ukrainian student at my work pointed out. Without a newer version or a legitimate copy, getting timely updates may not be possible, and that explains why WannaCry hit some countries harder than others. Pirated versions of Windows may be cheap, but WannaCry made many pay dearly. With the right software you can build a Windows installation, but keeping it upgraded and patched is another issue altogether.

WannaCrypt (ransomware) is a worm: each infected computer constantly scans for other machines whose SMB file-sharing service (TCP port 445) is reachable and unpatched (which all of them were before this patch) and infects them. It is the result of the release, by a group calling itself the Shadow Brokers, of NSA hacking tools that exploited an SMB vulnerability Microsoft had patched only a month earlier (MS17-010, March 2017) and that was still wide open on unpatched machines. That is why Microsoft pulled out all the stops to shut it down, even issuing an emergency patch for unsupported systems like Windows XP. Would it have been nice if the NSA had told Microsoft about these earlier? Hmmmm… yes, I think so. But then the backdoors might have been closed.

So why did big companies and hospitals get hacked? Because big organizations schedule updates so as not to interfere with day-to-day operations, once a week or less often. Some machines are not even on a network that can reach Windows Update. In addition, updates usually go out in scheduled releases rather than all at once, except in emergencies like the one we have now. The bad guys also target organizations that cannot afford not to pay. And some did not know they needed the patch, like video editors who work on Avid ISIS or Nexis shares (info on the patch for Avid here).

Observe these rules for safety when using your phone. For those who think their Android phones are always secure: they are, until you download apps (pirated or phony apps) from unproven developers, such as Chinese free versions of Angry Birds or a cheating tool for the game King of Glory. The result was about 2 million handsets infected through the Google Play Store (SLocker, and now FLocker). Most likely you are on your phone more than your computer, so why not secure it with its own anti-malware app and run a web security app like Disconnect, which stops mobile trackers from collecting your info while protecting you from malvertising threats?

Courtesy of Trend Micro

If you don't, you could be visited by the Android version of ransomware, which encrypts texts, pictures and videos. If the ransom is not paid within a few days, the price increases. The name on the Android ransom demand is Lycorisradiata. Lycoris radiata (the Chinese red spider lily or magic red lily) is a flower with extremely poisonous bulbs, planted in Japan around rice paddies and houses to keep pests away. Wouldn't it be nice if we could surround our phones and computers with something poisonous to keep out pests? The poisonous Lycorisradiata has now been joined by a new threat, GhostCtrl, which can record audio and video while gaining access to phone data in real time. Restricting app permissions on your device seems to be part of the solution, but who wants to do that to their phone?

Finally, don't let all this make you crazy: back up, follow the rules for safe browsing, run all Microsoft Updates, and enjoy your computer and your life.

Thousands of users affected: time-lapse map of infections, created from data gathered by MalwareTech.