Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

What is ransomware and how do I protect my PC from Petya and Bad Rabbit?

Jim Martin | Oct. 26, 2017
Everything you need to know about ransomware including the latest attack, how to protect your PCs and laptops and what to do if you're affected

People often open these attachments or click links out of curiosity, because the sender is someone in their address book. So the best advice is not to open anything you don't completely trust.

In the case of Petya, the attack targets system administrators of corporate networks, as it needs to get access to those high-level credentials in order to take control of as many other computers on the network as possible.

This means than even if all machines have been patched with the Microsoft update from March 2017, there's still a chance it can succeed.

Some ransomware overwrites the MBR section of the computer's hard disk - the Master Boot Record - which prevents Windows from booting, as well as stopping access to the files.

On occasion, fixes or tools have been released for victims to get their data back.

In the case of Bad Rabbit, as explained above, it's said to arrive as a "drive-by download" which means it's automatically saved to your hard disk when you visit a website. However, it appears to be harmless in this state and can be deleted. It's only if you run the program (which masquerades as an Adobe Flash installation program) that it can get to work encrypting your files.


Which versions of Windows are affected?

Unlike previous ransomware, the indications are that Bad Rabbit doesn't use any of Windows' vulnerabilities. So although this means that every version of Windows is "affected" it's actually the user that can cause the damage by manually running the downloaded program. So be extremely cautious of what you click on, and be sure your antivirus is up to date.

The recent NotPetya attack mainly targeted businesses using the the same 'EternalBlue' vulnerability as WannaCry. Microsoft issued a patch to fix that security hole for all versions of Windows in March 2017.

Since Windows defaults to installing updates automatically, that meant most home computers were safe. Businesses which turn off the feature could still be at risk if they haven't installed the patch.

If your computer runs Windows 10, it should be protected, too.

Microsoft even issued a security patch for Windows XP and Windows 8 - a very unusual step for unsupported operating systems - which you can download from the links on Microsoft's blog.

You can check if your computer has the necessary patch installed using this free tool which you can download from our German sister site PCWelt (the tool is in English).


How can I protect my files from ransomware?

If you have Windows Update enabled then your PC should be protected from existing versions of ransomware. However, this doesn't mean it's 100 percent secure - you should still follow our advice below.


Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.