What about being safe from “Petya”? Kill SMB 1.0 in Windows! And some more…

And positive news as such, that in the coming Windows 10 update called “Fall Creators Update” SMB 1.0 file sharing protocol is going to be removed. In fact, you don’t need one!

More, for GUI fans OnMicrosoft:

https://www.onmsft.com/news/petya-ransomware-running-rampant-how-to-turn-off-smbv1-in-windows-to-make-sure-youre-safe

Here comes practical example for PowerShell diehards:

https://social.technet.microsoft.com/Forums/ru-RU/65ddd7fc-2226-4f6c-8aac-e4c0c937b737/windows-10-and-smb?forum=WinServerPreview

Below, link to information how it was possible to spread this virus THAT rapidly (via MEDoc automatic update, ezvit.exe) on Ukraine:

https://habrahabr.ru/company/drweb/blog/332444/

That, what happened with Russian branch of Home Credit bank loyalty program “Polza” as result of “Petya” attack:

Look like good overview of server internals and application architecture… Very insecure! 🙁

https://vk.com/pavelvoronov?w=wall884720_1310

Finally, every Windows service that makes changes to your system configuration now could be also a harmful one… Or even have intentionally left backdoor.

To be fair, latest reports also indicate that even software from Google or any other vendor’s online store MIGHT be harmful at some extent. It just imitate its good intentions for a while, then after some updates shows its true nature. 🙁 Ok, it is not like “Petya”, but still.

In short – keep your firewall always on and ports secure. Don’t install any automated update agents running with administrator rights.

Wish you luck, and… Be updated, beware of viruses!

Summary
Event
Computer virus attack
Location
World-wide,
Description
"Petya" virus attached multiple countries and industries around the globe. Here comes some summary and defensive suggestions.