etsit

New Ransomware Petya


Hello etsit:

An MBARW Beta development team member/staffer will be requested to weigh in.

Thank you for your interest in Malwarebytes Anti-Ransomware.


:welcome:

I am understanding that you are asking for the benefit of protecting your own system.
I am going to list for you 2 sections of advice.

(1)
Malwarebytes Anti-Malware Premium provides active real-time protection against most commonly prevalent malware "currently out in the wild".
But even if you have that, it would not give your machine total immunity.

Malwarebytes Anti-Exploit provides passive ( background ) protection against zero-day type exploits and Windows exploits & web browser & Java exploits.
We have a free version Malwarebytes Anti-Exploit (MBAE) that protects against exploit attacks.  Install it if you do not already have it on this machine.
The download link for the setup utility is: https://downloads.malwarebytes.org/file/mbae_current/

If you do not have it, I would recommend you install the Anti-Exploit in free use mode.  Save the setup first.  Then run to install.
If you are a heavy user of MS Office, you are urged to consider the Premium Malwarebytes Anti-Exploit.


(2)
*In brief, no one single program is going to give you an all-perfect shield.*  A lot depends on what computer users do, their daily safety practices, and the security protocol at your place.

Our software detects the most prevalent malware out in the wild.  But there is no guarantee whatsoever if one single computer user at your place lets their guard down and, for example, opens a bad attachment or is super quick to click without checking, especially with email.
In addition, be aware that crypto ransomware continuously evolves and has rapid change cycles.  Newer versions are coming out quicker. Thus "their tell-tale fingerprints" change all the time.

Please keep in mind that your antivirus is in the front line of your computer protection.
Next, comes your software firewall.
And hopefully, somewhere ahead of your computer’s internet connection, is a hardware router (another layer of protection).
Only after all these, does our software come into the picture. It is designed as a supplement.
That is a brief rundown on the need for a layered set of protections.

No one single security application can detect and remove all threats; it’s a statistical impossibility.

We update MBAM as many as a dozen times per day and are always researching and adding new detection and removal routines to the database.
Our research team is constantly analyzing and reviewing new infections for inclusion into our database. With the prevalence of new variants and infections the staff is working around the clock.
All security programs will still not be able to catch everything at some point, this is a given known fact and is the main reason why security professionals across the globe strongly advocate a ‘layered’ approach to security:
Dedicated antivirus
Dedicated antimalware
Third party firewalls
Backups on a regular basis of all important personal documents, files, etc. Backup is your best friend.

*Other notes:*
Safer practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself.  Do not double click in the email.  Always Save first and then scan with antivirus program.

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit, is odd looking, or has typos).

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current user-account.  Just use the new Standard-user-level one for everyday use while on the internet.

Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

Check in at Windows Update (http://windowsupdate.microsoft.com) and install any Important Updates offered.

Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (PSI) on a regular basis.
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
http://www.bleepingcomputer.com/tutorials/tutorial174.html

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.


Sorry, I meant to ask whether the new anti-ransomware will prevent this or not?


Yes, I understood that perfectly.  Best way is to follow daily safer practices.  That is why I relayed the tips.  That is the way to go.  Backup + faithful daily behaviors regarding staying secure.  A lot of victims of ransomware incidents fell victim to various sorts of alluring, deceptive "lures".


Thanks, but that doesn't answer my question... there was a good thread on Malwarebytes ransomware but I can't find it anymore, so I am asking, can it block Petya?


You are asking specifics that would have to be addressed & answered by someone in dev. 


Just so you know, "cruelsister1" doesn't share the samples she tests with any company whose products she reviews/tests, which basically invalidates all her tests if you ask me, because we don't know what she did to the samples before testing them.

7 minutes ago, Aura said:

Just so you know, "cruelsister1" doesn't share the samples she tests with any company whose products she reviews/tests, which basically invalidates all her tests if you ask me, because we don't know what she did to the samples before testing them.

She shares the samples when it's something she didn't code herself. If the dev contacts her she will but it's not needed in this case because pretty sure Malwarebytes already has the sample.


Doesn't look like it, because she flat out refused to share the samples with the companies involved (from what I know).

For all we know, it could be a custom-modified Petya sample that she modified herself to bypass MBARW for these tests. Tests and benchmarks that do not share the samples are quite useless if you ask me, because there's no way to verify them.

5 minutes ago, Aura said:

Doesn't look like it, because she flat out refused to share the samples with the companies involved (from what I know).

For all we know, it could be a custom-modified Petya sample that she modified herself to bypass MBARW for these tests. Tests and benchmarks that do not share the samples are quite useless if you ask me, because there's no way to verify them.

Here is proof of what I said above, that she shares stuff with devs that she didn't code herself.

http://www.wilderssecurity.com/threads/hitmanpro-alert-support-and-discussion-thread.324841/page-358#post-2572272


This is easily remediated.  MBAM Staff should ask her to share *this* sample, and re-make the video showing the SHA-1 hash of the file she is using to infect herself so that the veracity can be absolutely confirmed.


As to the original subject of this thread: Petya

It is reported that this Petya ransomware is spread via email attachments.  Hence the old motto: an ounce of safe prevention is worth beyond measure.

Never ever open email attachments from email directly.  And certainly never ever open outright before asking

"Am I expecting an attachment from this source?"

Always delete the email outright if "it" is about a proposal, offer, etc. if you cannot vouch for the source.  Situational awareness will pay off big time.

Always save any attachment to disk first.  Scan first with antivirus if you can't vouch for the source + with Malwarebytes.  That, in addition to never having logged into Windows with an administrator-level account, will keep the odds in your favor.

Today it is this variety.  Next week there will be different varieties.

signing out.


This isn't traditional ransomware. It does not encrypt your files, but rather locks the MBR, basically locking you out of the OS.

That being said, this malware will be blocked by Malwarebytes Anti-Ransomware.


Ok, so Petya would be blocked/prevented by Malwarebytes Anti-Malware Premium but NOT by Malwarebytes Anti-Ransomware? And Locky, Cryptowall, all versions of Cryptolocker and all other ransomware would be blocked by Malwarebytes Anti-Ransomware but not by Malwarebytes Anti-Malware?

Thanks.

On 3/28/2016 at 5:20 PM, Aura said:

Doesn't look like it, because she flat out refused to share the samples with the companies involved (from what I know).

For all we know, it could be a custom-modified Petya sample that she modified herself to bypass MBARW for these tests. Tests and benchmarks that do not share the samples are quite useless if you ask me, because there's no way to verify them.

Philosophically, as an end user, that provides me with no comfort.  Unless you're going to allege that the test is essentially being presented as an illusion, and not real malware, if malware can so easily be tweaked to get around a product, given the relatively small market of security products in existence, that's terrifying.

On 3/30/2016 at 4:52 PM, Decrypterfixer said:

This isn't traditional ransomware. It does not encrypt your files, but rather locks the MBR, basically locking you out of the OS.

That being said, this malware will be blocked by Malwarebytes Anti-Malware Trial/Premium.

Do I understand then that for malware such as what's presented, your files are still intact, and you could simply pull the disk out of your computer and load the files onto another device or fresh disk?  Essentially as a worst case scenario, the malware is defeated by reinstalling the OS?


Once the product is integrated into Malwarebytes Anti-Malware it would. For now yes MBARW will protect from it.

No, Petya does not encrypt the files, but it does encrypt the MBR and the MFT, so it would still take an experienced data recovery analyst to get your data back.

Prevention and Backups are a must in today's world of encryption threats.

Please read the following

Backup Software

The complexity of finding, preventing, and cleanup from malware


Thanks
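An added illustration (not from this thread, and not Malwarebytes code) of why the MBR matters in the point above: a defender's baseline check that takes a captured copy of sector 0, verifies the 0x55AA boot signature and the partition table, and compares the bootstrap code against a known-good SHA-256 hash, so an overwritten MBR is noticed before the next reboot rather than after it. The sample sectors and the "known-good" bootstrap bytes are constructed stand-ins, not real Petya artifacts.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446     # bytes 0..445 hold the bootstrap code
PART_TABLE_OFF = 446    # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"  # last two bytes of a valid MBR

def parse_partitions(mbr: bytes):
    """Return the four classic MBR partition entries as dicts."""
    entries = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries

def check_mbr(mbr: bytes, baseline_bootcode_sha256: str):
    """Compare a captured sector 0 with a known-good baseline.
    Returns a list of findings; an empty list means nothing changed."""
    if len(mbr) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest() != baseline_bootcode_sha256:
        findings.append("bootstrap code differs from baseline")
    parts = parse_partitions(mbr)
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    if all(p["type"] == 0 for p in parts):
        findings.append("partition table is empty")
    return findings

def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed sample: bootstrap bytes, one active NTFS (0x07) partition
    at LBA 2048, and a valid boot signature."""
    code = bootcode.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    part0 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return code + part0 + b"\x00" * 48 + BOOT_SIG

# Constructed stand-ins: a "known-good" bootstrap and one that was overwritten.
GOOD_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32)
BASELINE = hashlib.sha256(GOOD_MBR[:BOOT_CODE_LEN]).hexdigest()
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\x41" * 100)
```

On a real machine the 512-byte input would come from an offline read of sector 0 of the boot disk and the baseline hash would be recorded while the system is known to be clean.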


From what I can understand about Petya, you can recover your files if you use data recovery software that doesn't rely on the MFT, but it doesn't mean that you'll be able to recover all your files. There was a discussion about it on a forum where they were talking about the recovery of files as well. If I can find it, I'll link the thread here.

On 3/28/2016 at 9:40 AM, Maurice Naggar said:

Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (PSI) on a regular basis.
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
http://www.bleepingcomputer.com/tutorials/tutorial174.html

Hi Maurice Naggar,

Thanks for the info on Secunia Personal Software Inspector. I have a question: after using Secunia it said my Malwarebytes Anti-Exploit was up to date (version 1.07.1.1015). However, I have the new version setup in my Downloads folder (version 1.08.1.1189). With the free version, is updating manual only?

So basically I am asking if version 1.07.1.15 is considered "up to date" and do I need to uninstall it to run the version 1.8.1.1189 setup?

Sorry if this is not posted in the correct place but using your link brought the question to my mind.

On 3/28/2016 at 9:40 AM, Maurice Naggar said:

Check in at http://windowsupdate.microsoft.com]Windows Update and install any Important Updates offered.

The link above has something mixed up, it takes me back to this topic. :unsure:


Hi, I didn't see a direct answer to my questions... "so Petya would be blocked/prevented by Malwarebytes Anti-Malware Premium but NOT by Malwarebytes Anti-Ransomware? And Locky, Cryptowall, all versions of Cryptolocker and all other ransomware would be blocked by Malwarebytes Anti-Ransomware but not by Malwarebytes Anti-Malware?"

Also, MB did decide to integrate Anti-Ransomware to MB Anti-Malware Premium?

Thanks.


I cannot answer your first question (personally, I would leave the specifics to Nathan), but Malwarebytes Anti-Ransomware will be integrated in the future into Malwarebytes Anti-Malware (Premium most likely, and Trial). It's been said in one of the pinned threads already.

4 minutes ago, Aura said:

I cannot answer your first question (personally, I would leave the specifics to Nathan), but Malwarebytes Anti-Ransomware will be integrated in the future into Malwarebytes Anti-Malware (Premium most likely, and Trial). It's been said in one of the pinned threads already.

Is there a timeline for it?

5 minutes ago, Aura said:

I cannot answer your first question (personally, I would leave the specifics to Nathan), but Malwarebytes Anti-Ransomware will be integrated in the future into Malwarebytes Anti-Malware (Premium most likely, and Trial). It's been said in one of the pinned threads already.

Will anti-exploit continue to be a different product?
