Petya ransomware running rampant: how to turn off SMBv1 in Windows to make sure you’re safe


Published on June 27, 2017


Last month it was the “WannaCry” virus wreaking havoc over the internet, and now this week another ransomware exploit is rapidly expanding across Europe and the Ukraine especially. The new variant, dubbed “Petya,” uses the same SMBv1 exploit that WannaCry uses to rapidly replicate throughout network systems, but holds infected computers hostage in a significantly different way.

According to a post in Hacker News, the Petya ransomware, also known as “Petwrap,” is spreading rapidly, “shutting down computers at corporates, power supplies, and banks across Russia, Ukraine, Spain, France, UK, India, and Europe and demanding $300 in bitcoins,” and has affected over 300,000 computers in only 72 hours.

Petya does not encrypt files one by one in its attempt to elicit those Bitcoin payments, but uses an even more nefarious method:

Instead, Petya reboots victims’ computers, encrypts the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. Petya replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.

Microsoft issued a series of patches for this type of exploit back in April, including taking the unusual step of patching the unsupported Windows XP operating system, so if you’re current on updates you should be ok. However, the company also recommends removing the unused but vulnerable SMBv1 file sharing protocol from your systems.

It’s pretty easy to do, and well worth it for the peace of mind it could bring as yet another ransomware exploit powered by leaked NSA hacking tools runs amuck. Our colleague over at ZDNet, Ed Bott, runs through the procedure for Windows 10 machines:

This works for Windows 10 and Windows 8.1; Ed has further instructions if you’re still on Windows 7. As he says, there’s simply no reason for you to be running SMBv1, and Microsoft is planning to remove it entirely in the Windows 10 Fall Creators Update.
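One way to check for and turn off SMBv1 from an elevated PowerShell prompt on Windows 8.1 and Windows 10, shown as an added example (it is not Ed Bott's walkthrough and not part of the original article). The `-Apply` switch and the `Get-Smb1Status` helper are names made up for this example; without `-Apply` the script only reports.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 on Windows 8.1 / Windows 10 and, with -Apply, turn it off.
# The -Apply switch and Get-Smb1Status are illustrative names, not built-in commands.
param([switch]$Apply)

function Get-Smb1Status {
    # Optional feature "SMB 1.0/CIFS File Sharing Support".
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    # Whether the local file-sharing (server) side still accepts SMBv1.
    $server = Get-SmbServerConfiguration
    [pscustomobject]@{
        FeatureState  = $feature.State
        ServerEnabled = $server.EnableSMB1Protocol
    }
}

$before = Get-Smb1Status
Write-Output "SMB1Protocol feature state : $($before.FeatureState)"
Write-Output "SMB server accepts SMBv1   : $($before.ServerEnabled)"

$exposed = ($before.FeatureState -eq 'Enabled') -or $before.ServerEnabled
if (-not $exposed) { Write-Output 'SMBv1 is already off.'; return }
if (-not $Apply)   { Write-Output 'SMBv1 is still on. Re-run with -Apply to turn it off.'; return }

# Stop the server side from accepting SMBv1 connections.
if ($before.ServerEnabled) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# Remove the optional feature; -NoRestart leaves the reboot to the administrator.
$restartNeeded = $false
if ($before.FeatureState -eq 'Enabled') {
    $result = Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    $restartNeeded = $result.RestartNeeded
}

# Re-read the settings so the report reflects what the system now says.
$after = Get-Smb1Status
Write-Output "After change: feature=$($after.FeatureState), server SMBv1=$($after.ServerEnabled)"
if ($restartNeeded) {
    Write-Output 'Restart the computer to finish removing the SMB1Protocol feature.'
}
```

Disabling SMBv1 does not replace the April patches mentioned above; the updates still need to be installed.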

For now, governments and industries are grappling to fight the ransomware and perhaps looking at their penchant for running older unpatched systems, as the dirty tricks of the NSA continue to come back to haunt us.

Stay safe out there!

Kip Kniskern
