Ok, another cyber-attack…
Ransomware Petya utilises EternalBlue vulnerability [the same WannaCry used], targeting people who have not done the patch. EternalBlue, exploiting a vulnerability in Microsoft’s SMB protocol, and Microsoft has been published Security Bulletin. Find your patch here:
https://en.wikipedia.org/wiki/EternalBlue
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Or, there is a quick fix:
As announced this morning on BBC website, there is a vaccine, not to kill, but at least stop the ransomware cyber-attack, so called: NotPetya/Petya/Petna/SortaPetya 🙂 Here is the PowerShell version to help you, just put the server names and enter the credentials to the prompt!
function Protect-Perfc {
param ([Array]$ServerList, [PSCredential]$PSCredential)
$scriptBlock= {
function Set-PerfcFile {
param ([string]$File )
if (Test-Path -Path $File){
Write-Output "Item exists"
}
else {
Write-Output "Item does not exist. Creating"
New-Item -Path $File -Force -ItemType File
}
Write-Output "Setting the item readonly property:"
if (Get-ItemProperty $File -Name IsReadOnly)
{
Write-Output "Item is already readonly"
}
else {
Write-Output "Item is not readonly, setting"
Set-ItemProperty -Path $File -Name IsReadOnly -Value $true
}
Write-Output "File ready as readonly: "
Get-ItemProperty $file -Name IsReadonly
}
Set-PerfcFile "C:\Windows\perfc"
}
$AccessList=@()
$serverList| %{ if (Test-Wsman -ComputerName $_ -ErrorAction SilentlyContinue) {
$AccessList+=$_
write-output "WinRM is enabled $_ . Adding to the list."
}
else {
write-output "WinRM is not enabled on $_ . Run 'winrm quickconfig' to enable "
}
}
Write-Output "These servers will be protected"
$AccessList
Invoke-Command -ScriptBlock $ScriptBlock -Credential $Credential -ComputerName $AccessList
Write-Output "Finished the protection process"
}
$Serverlist= @("computer1", "computer2")
$Credential = Get-Credential
Protect-Perfc -ServerList $Serverlist -Credentials $Credential
continuous learning ... 