Best Practices to Prevent Infection and Indicators of Compromise - Petya

soccer97

May 22, 2014
I found these articles from ESET and Microsoft's Malware Protection Blog on best practices to protect yourself and your system from Ransomware and indicators of compromise.

Best practices to protect against Filecoder (ransomware) malware
Although it is not possible for any antivirus system to completely eliminate the risk caused by infiltrations and attacks, it is possible to significantly minimize your risk of infection by following some best practice strategies. In combination with the protection you expect from your ESET product, following these strategies will help keep your information safe.

ESET detects and blocks "Petya" Diskcoder.C malware—best practices for ESET and non-ESET users
ESET is tracking an outbreak of malware detected as the Diskcoder.C Trojan that has been referred to as a Petya variant in some previous communications. ESET LiveGrid has blocked the threat since ~13:30 CEST 6/27.

New ransomware, old techniques: Petya adds worm capabilities
A single ransomware, multiple lateral movement techniques

Given this new ransomware’s added lateral movement capabilities it only takes a single infected machine to affect a network. The ransomware spreading functionality is composed of multiple methods responsible for:


    • stealing credentials or re-using existing active sessions
    • using file-shares to transfer the malicious file across machines on the same network
    • using existing legitimate functionalities to execute the payload or abusing SMB vulnerabilities for unpatched machines



These have some links that link to Microsoft advice.

One addresses avoiding letting apps install in the AppData directory of your PC. Some programs are automatically configured to install here (such as a popular music subscription service). You can change the install location to C:/Program Files. Food for thought.
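
As an added example (not part of the original post or of the linked ESET and Microsoft articles): to see which programs currently live under AppData, the read-only PowerShell inventory below lists executable files there and whether each carries a valid Authenticode signature. The extension list and the use of the first sub-folder as an "application" name are assumptions made for this example.

```powershell
# Added example, not from the original post. Read-only: it changes nothing on disk.
$roots = @($env:LOCALAPPDATA, $env:APPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$extensions = '.exe', '.dll', '.scr', '.com'   # assumption: file types worth reviewing

$files = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                # First folder below the AppData root, used as a rough application name
                App      = $_.FullName.Substring($root.Length).TrimStart('\').Split('\')[0]
                Path     = $_.FullName
                Status   = if ($sig) { [string]$sig.Status } else { 'Unknown' }
                Signer   = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Modified = $_.LastWriteTime
            }
        }
}

# Per-application summary: how many executable files, and how many lack a valid signature
$files | Group-Object App | ForEach-Object {
    [pscustomobject]@{
        App      = $_.Name
        Files    = $_.Count
        NotValid = @($_.Group | Where-Object { $_.Status -ne 'Valid' }).Count
    }
} | Sort-Object NotValid -Descending | Format-Table -AutoSize

# Files without a valid signature, most recently modified first
$files | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Modified -Descending |
    Select-Object -First 25 Modified, Status, Path |
    Format-Table -AutoSize
```

The summary shows which legitimate programs would be affected by keeping software out of AppData; the second table is a short review list of recently written files there that have no valid signature.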
 
