Ok, another cyber-attack…
The Petya ransomware uses the EternalBlue exploit (the same one WannaCry used), targeting people who have not applied the patch. EternalBlue exploits a vulnerability in Microsoft’s SMB protocol, and Microsoft has published a security bulletin. Find your patch here:
https://en.wikipedia.org/wiki/EternalBlue
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Or, there is a quick fix:
As announced this morning on the BBC website, there is a vaccine that does not kill the ransomware but at least stops the cyber-attack known as NotPetya/Petya/Petna/SortaPetya 🙂 Here is a PowerShell version to help you: just put in the server names and enter the credentials at the prompt!

    function Protect-Perfc {
        param (
            [Array]$ServerList,
            [PSCredential]$Credential
        )

        # Runs on each remote server: create C:\Windows\perfc and mark it read-only
        $scriptBlock = {
            function Set-PerfcFile {
                param ([string]$File)

                if (Test-Path -Path $File) {
                    Write-Output "Item exists"
                }
                else {
                    Write-Output "Item does not exist. Creating"
                    New-Item -Path $File -Force -ItemType File
                }

                Write-Output "Setting the item readonly property:"
                # Test the property value; the object Get-ItemProperty returns is always truthy
                if ((Get-ItemProperty -Path $File -Name IsReadOnly).IsReadOnly) {
                    Write-Output "Item is already readonly"
                }
                else {
                    Write-Output "Item is not readonly, setting"
                    Set-ItemProperty -Path $File -Name IsReadOnly -Value $true
                }

                Write-Output "File ready as readonly: "
                Get-ItemProperty -Path $File -Name IsReadOnly
            }

            Set-PerfcFile "C:\Windows\perfc"
        }

        # Keep only the servers that answer over WinRM
        $AccessList = @()
        $ServerList | ForEach-Object {
            if (Test-WSMan -ComputerName $_ -ErrorAction SilentlyContinue) {
                $AccessList += $_
                Write-Output "WinRM is enabled on $_ . Adding to the list."
            }
            else {
                Write-Output "WinRM is not enabled on $_ . Run 'winrm quickconfig' to enable "
            }
        }

        # Invoke-Command fails on an empty computer list, so stop here if nothing is reachable
        if ($AccessList.Count -eq 0) {
            Write-Output "No servers reachable over WinRM. Nothing to do."
            return
        }

        Write-Output "These servers will be protected"
        $AccessList

        Invoke-Command -ScriptBlock $scriptBlock -Credential $Credential -ComputerName $AccessList
        Write-Output "Finished the protection process"
    }

    $ServerList = @("computer1", "computer2")
    $Credential = Get-Credential
    Protect-Perfc -ServerList $ServerList -Credential $Credential
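To confirm afterwards that the file is in place, the following read-only check reports the state of C:\Windows\perfc on each server without changing anything. It is an added example, not part of the original script; the function name Get-PerfcStatus and its output columns are hypothetical, and the host names are the same placeholders used above.

```powershell
# Added example: read-only audit; changes nothing on the target hosts.
function Get-PerfcStatus {
    param (
        [string[]]$ServerList,
        [PSCredential]$Credential,
        [string]$File = 'C:\Windows\perfc'   # same path the script above creates
    )

    foreach ($server in $ServerList) {
        # Default row, reported as-is when the host cannot be queried
        $row = [ordered]@{
            Server   = $server
            Reached  = $false
            Exists   = $null
            ReadOnly = $null
        }
        try {
            $result = Invoke-Command -ComputerName $server -Credential $Credential `
                -ErrorAction Stop -ArgumentList $File -ScriptBlock {
                    param ($Path)
                    # -Force so a hidden file is still found; $null if the file is missing
                    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        Exists   = [bool]$item
                        ReadOnly = [bool]($item -and $item.IsReadOnly)
                    }
                }
            $row.Reached  = $true
            $row.Exists   = $result.Exists
            $row.ReadOnly = $result.ReadOnly
        }
        catch {
            # WinRM disabled, bad credentials, host offline, and so on
            Write-Warning "Could not query ${server}: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

# Placeholder host names, as in the script above
Get-PerfcStatus -ServerList @('computer1', 'computer2') -Credential (Get-Credential) |
    Format-Table -AutoSize
```

A row with Reached set to False means the server was never checked, so treat it as unprotected until it can be queried.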