


How did this begin?


The Petya ransomware worm began spreading Tuesday morning with a fake software update that was pushed out to businesses and other enterprises in Ukraine. The software concerned, called MEDoc, is a financial-monitoring application that all businesses in Ukraine must have installed.


How did Petya spread?


From its initial infection point in Ukraine, the Petya worm quickly spread to companies in other European countries through enterprise networks.


There's some evidence that Petya also spread via infected email attachments, but that theory is not quite as well established.


What does Petya do?


Petya is really four things. It's a worm that uses Windows networking tools, and exploits used by the NSA, to spread through local networks.


It's a piece of ransomware that encrypts the Master Boot Record — the guts of a Windows hard drive — to prevent a computer from starting up properly.


There's also a second piece of ransomware that encrypts various files on the machine if the Master Boot Record attack fails.


And there's a fourth component that steals usernames and passwords from infected machines, possibly only so it can infect more machines.


Who is at risk?


The silver lining is that properly patched Windows systems that are not connected to enterprise networks, such as home computers, are at little risk of being infected by the Petya worm — at least for now. If you use a home computer to connect to a corporate VPN, however, you greatly increase the chances of your home network becoming infected.


Does the Petya worm infect Macs, iPhones, Android devices or Linux boxes?


Only Windows machines appear to be at risk.


Does fully patching a Windows computer stop Petya?


Even fully updated Windows computers on an enterprise network can be infected by the Petya worm. That's because once it establishes itself on even one machine inside an enterprise network, Petya will spread by stealing Windows administrative passwords and using standard Windows network-administration tools to install itself on every Windows machine it can.


Will antivirus software stop the Petya worm?


It should. All good antivirus software products should block the Petya worm from installing. That may change if the worm's code or behavior drastically changes.


Is Petya related to WannaCry?


Petya uses the ETERNALBLUE exploit, which was also used by the otherwise unrelated WannaCry ransomware worm in mid-May, to spread among Windows machines in an enterprise network.


Who's behind Petya?


It's not clear who created and released Petya, but a lot of circumstantial evidence points to "patriotic" Russian hackers.


Why is it called Petya?


The ransomware component of this new worm bears at least superficial resemblance to the latest iterations of Petya, a ransomware strain first spotted in 2024. (Petya is Russian for "Pete.")


Should I pay the Petya ransom?


If your computer is encrypted by Petya, there's no point in paying the ransom. The email address that you have to contact to collect the decryption key has been shut down by the email host. Unless new strains of the ransomware provide a different contact email address, there's no way to recover your files.


Is there a Petya "kill switch"?


No. However, there are a couple of ways that you might be able to prevent or stop the encryption process.


First, if your computer randomly begins to shut down, abort the shutdown process and keep it running. The Petya worm has to reboot the machine in order to encrypt the hard drive's Master Boot Record, which is essential to the Windows startup process.


Second, you can try to "immunize" your machine by creating a read-only file called "perfc" and putting it in the Windows directory. In some instances, if the Petya worm sees that file, it won't encrypt the machine — but it will continue to spread to other machines on the same network. However, we've seen reports that this method doesn't work on Windows 7, and that new versions of the Petya code may not have this function.
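
One way to script the second step, as an added PowerShell example that is not part of the original article. The function name Set-PerfcMarker is an assumption made for illustration, and the script must run from an elevated session because the Windows directory is not writable by standard users.

```powershell
# Added example: create the read-only "perfc" marker file described above.
# Set-PerfcMarker is a hypothetical helper name, not a built-in cmdlet.
# Per the article, this only targets the encryption step: the worm can
# still spread, and the check may be absent on Windows 7 or in newer versions.

function Set-PerfcMarker {
    [CmdletBinding()]
    param(
        # Defaults to the Windows directory of the running system.
        [string]$Directory = $env:windir
    )

    $path = Join-Path -Path $Directory -ChildPath 'perfc'

    # Refuse to act if something unexpected already occupies the name.
    if (Test-Path -LiteralPath $path -PathType Container) {
        throw "'$path' exists but is a directory; leaving it untouched."
    }

    # Create an empty file only if it is missing, so reruns are harmless.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        New-Item -Path $path -ItemType File -ErrorAction Stop | Out-Null
    }

    # Set the read-only attribute on the marker file.
    $item = Get-Item -LiteralPath $path -Force
    $item.IsReadOnly = $true

    # Re-read from disk and report what is actually there.
    $check = Get-Item -LiteralPath $path -Force
    [pscustomobject]@{
        Path     = $check.FullName
        ReadOnly = $check.IsReadOnly
        Length   = $check.Length
    }
}

Set-PerfcMarker
```

The returned object should show `ReadOnly` as `True`; if it does not, the session was probably not elevated.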


