Petya GoldenEye Ransomware Tips

Status
Not open for further replies.
All I can say is keep your OS updated, don't open attachments from unknown senders and stay away from bad parts of the internet (sites, DL's, etc.)
Also having strong network security helps too.
 
Thanks for the tip on the ports 445 tcp & udp; I've gone ahead and blocked them on all my computers.

As far as SMBv1, I've had that disabled since W8. Contrary to your link and from what I've read, Vista and W7 require you to manually disable SMBv1. To do this, open PowerShell as an administrator, then paste/enter/restart the following:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

If you discover you require this protocol with legacy devices, re-enable it by repeating with the below:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force
 
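A read-only check for the two settings discussed in the post above (the SMB1 registry value and port 445), as an added example that is not part of the original thread. The function names Get-Smb1ServerState and Test-Port445Listening are hypothetical; run it from an elevated PowerShell prompt after the restart.

```powershell
# Added example: audits the SMBv1 server setting written by the
# Set-ItemProperty commands in the post above. It changes nothing.
$ParamPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    param([string]$RegPath = $ParamPath)
    # The SMB1 value does not exist until someone creates it, so a missing
    # value is an expected case and not an error.
    $prop = Get-ItemProperty -Path $RegPath -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # With no value present, Vista/7 fall back to the default: SMBv1 on.
        return 'NotConfigured (default: enabled)'
    }
    if ($prop.SMB1 -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Test-Port445Listening {
    # netstat is present on Vista, 7 and 8, unlike the newer Net* cmdlets.
    $hits = netstat -an | Select-String -Pattern ':445\s+.*LISTENING'
    return [bool]$hits
}

$state     = Get-Smb1ServerState
$listening = Test-Port445Listening

# New-Object PSObject keeps this compatible with PowerShell 2.0 (Windows 7).
New-Object PSObject -Property @{
    Computer         = $env:COMPUTERNAME
    Smb1Server       = $state
    Port445Listening = $listening
}

if ($state -ne 'Disabled') {
    Write-Warning 'SMBv1 server is still enabled or was never explicitly disabled.'
}
if ($listening) {
    # SMBv2 and later use the same port, so a listener here is normal while
    # the Server service runs; the firewall rule is what stops inbound 445.
    Write-Warning 'TCP 445 is listening locally; confirm the firewall block is in place.'
}
```

A result of "NotConfigured" on Vista or Windows 7 means the disable command was never applied on that machine.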
Thank you. And from the latest dispatches it looks like the hackers cannot decrypt even if you pay the ransom. One way trip.
 
I had read something about their email being shut down, so that's handy.
 
Yeah, the ransom itself was a very small amount. But the victim had to send the transaction ID and the ransomware attack ID to an email address hosted in Germany. The Germans disabled the email so the victims are SOL.

I'm sure the attacker will come up with an alternate solution; it's not good customer service to leave paying victims unhappy. Not good for business.
 
Originally Posted By: Alfred_B

I'm sure the attacker will come up with an alternate solution; it's not good customer service to leave paying victims unhappy. Not good for business.


Now that's funny!
 