
New Computer Virus Petya Strikes: Ransomware Makes a Comeback

Source: 英语阅读 Editor: 英语学习 Date: 2017-07-04

How did this begin?


The Petya ransomware worm began spreading Tuesday morning with a fake software update that was pushed out to businesses and other enterprises in Ukraine. The software concerned, called MEDoc, is a financial-monitoring application that all businesses in Ukraine must have installed.



How did Petya spread?


From its initial infection point in Ukraine, the Petya worm quickly spread to companies in other European countries through enterprise networks.


There's some evidence that Petya also spread via infected email attachments, but that theory is not quite as well established.


What does Petya do?


Petya is really four things. It's a worm that uses Windows networking tools, and exploits used by the NSA, to spread through local networks.


It's a piece of ransomware that encrypts the Master Boot Record — the guts of a Windows hard drive — to prevent a computer from starting up properly.


There's also a second piece of ransomware that encrypts various files on the machine if the Master Boot Record attack fails.


And there's a fourth component that steals usernames and passwords from infected machines, possibly only so it can infect more machines.


Who is at risk?


The silver lining is that properly patched Windows systems that are not connected to enterprise networks, such as home computers, are at little risk of being infected by the Petya worm — at least for now. If you use a home computer to connect to a corporate VPN, however, you greatly increase the chances of your home network becoming infected.


Does the Petya worm infect Macs, iPhones, Android devices or Linux boxes?


Only Windows machines appear to be at risk.


Does fully patching a Windows computer stop Petya?


Even fully updated Windows computers on an enterprise network can be infected by the Petya worm. That's because once it establishes itself on even one machine inside an enterprise network, Petya will spread by stealing Windows administrative passwords and using standard Windows network-administration tools to install itself on every Windows machine it can.


Will antivirus software stop the Petya worm?


It should. All good antivirus software products should block the Petya worm from installing. That may change if the worm's code or behavior drastically changes.


Is Petya related to WannaCry?


Petya uses the ETERNALBLUE exploit, which the otherwise unrelated WannaCry ransomware worm also used in mid-May, to spread among Windows machines in an enterprise network.


Who's behind Petya?


It's not clear who created and released Petya, but a lot of circumstantial evidence points to "patriotic" Russian hackers.


Why is it called Petya?


The ransomware component of this new worm bears at least superficial resemblance to the latest iterations of Petya, a ransomware strain first spotted in 2015. (Petya is Russian for "Pete.")


Should I pay the Petya ransom?


If your computer is encrypted by Petya, there's no point in paying the ransom. The email address that you have to contact to collect the decryption key, wowsmith123456@posteo.net, has been shut down by the email host. Unless new strains of the ransomware provide a different contact email address, there's no way to recover your files.


Is there a Petya "kill switch"?


No. However, there are a couple of ways that you might be able to prevent or stop the encryption process.


First, if your computer randomly begins to shut down, abort the shutdown process and keep it running. The Petya worm has to reboot the machine in order to encrypt the hard drive's Master Boot Record, which is essential to the Windows startup process.


Second, you can try to "immunize" your machine by creating a read-only file called "perfc" and putting it in the Windows directory. In some instances, if the Petya worm sees that file, it won't encrypt the machine — but it will continue to spread to other machines on the same network. However, we've seen reports that this method doesn't work on Windows 7, and that new versions of the Petya code may not have this function.
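The "perfc" step described above can be scripted. The following PowerShell is an added example, not part of the original article; it assumes an elevated (Administrator) session and uses the file name exactly as the article gives it.

```powershell
# Added example: create the read-only "perfc" marker file in the Windows directory.
# Assumption: run from an elevated PowerShell prompt, since writing to %windir% needs admin rights.
$ErrorActionPreference = 'Stop'

# Refuse to continue without administrative rights rather than failing half-way.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

# File name as given in the article: "perfc", no extension, in the Windows directory.
$marker = Join-Path $env:windir 'perfc'

# A directory with the same name would not satisfy a check for a file.
if (Test-Path -LiteralPath $marker -PathType Container) {
    throw "$marker exists but is a directory; the marker must be a file."
}

# Create the empty file only if it is missing, so the script can be re-run safely.
if (-not (Test-Path -LiteralPath $marker)) {
    New-Item -ItemType File -Path $marker | Out-Null
    Write-Output "Created $marker"
}

# Mark the file read-only, then read the attribute back to confirm it took effect.
Set-ItemProperty -LiteralPath $marker -Name IsReadOnly -Value $true
$item = Get-Item -LiteralPath $marker
if (-not $item.IsReadOnly) {
    throw "$marker exists but could not be set read-only."
}
Write-Output ("{0} is present, read-only = {1}" -f $item.FullName, $item.IsReadOnly)
```

The script only places the marker file; as the article notes, a machine with the file can still pass the worm on to others, so it does not replace patching or network isolation.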
