Ransomware Attack in Europe Based on Petya

Published by Fudgy McFarlen on

Was notified by a friend in the USA that their company is under ransomware attack and the miscreants are asking 300 USD equivalent in Bitcoin to free each device. They mentioned Petya. With all this being so widespread I did a cursory check to see what is going on. It is notable to me that I keep hearing about hospitals being affected. Perhaps some of those cheap Indian I.T. workers that hospitals are using are moonlighting?

Research Links

News

 

In Windows 7 there are no hooks in Control Panel to turn SMBv1 on and off. They suggest editing the following registry key. When I attempted this there was no entry for SMB1. I created it and set it equal to zero. Not sure if that will help me.

To enable or disable SMBv1 on the SMB server, configure the following registry key:

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters                 

Registry entry: SMB1 
REG_DWORD: 0 = Disabled 
REG_DWORD: 1 = Enabled 
Default: 1 = Enabled
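
As an added example (not from the original post or from the guidance it quotes), the PowerShell below reads the SMB1 entry, treats a missing entry as the documented default of enabled, and then creates or sets it to 0. The function names are hypothetical; it assumes an elevated PowerShell prompt.

```powershell
# Added example: audit and disable the SMBv1 server using the registry entry
# quoted above. Covers the SMB server component only, as that guidance does.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Name = 'SMB1'

# Hypothetical helper: report the effective state of the SMB1 entry.
function Get-Smb1ServerState {
    # A missing entry does not mean "disabled": the default is 1 (enabled).
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return 'Enabled (entry absent, default applies)'
    }
    if ($prop.$Name -eq 0) {
        return 'Disabled'
    }
    return "Enabled (SMB1 = $($prop.$Name))"
}

# Hypothetical helper: write SMB1 = 0 as a REG_DWORD.
function Disable-Smb1Server {
    # Set-ItemProperty creates the value when it is missing and overwrites it
    # otherwise; -Type DWord also corrects an entry created with the wrong type.
    Set-ItemProperty -Path $Path -Name $Name -Type DWord -Value 0 -Force
}

"Before: $(Get-Smb1ServerState)"
Disable-Smb1Server
"After:  $(Get-Smb1ServerState)"

# The registry now shows the new value, but the running Server service keeps
# its old setting until the computer is restarted.
```

Re-running only `Get-Smb1ServerState` after the restart confirms the value persisted.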

 

 

