Skip to main content

Petya Ransomware Vaccine: This Single File Will Protect You From Latest Attack


petya ransomware vaccine fix
A security researcher has found a fix for the latest Petya Ransomware attack. For now, you can vaccinate your system in seconds by creating a particular file. If Petya finds that file on the disk, it stops the encryption business. Please note that users need to create this
file independently on each computer and it doesn’t fix things globally like WannaCry killswitch.
Yesterday we reported about the deadly Petya ransomware which exploits Eternal Blue vulnerability, the same exploit which was used by the creators of WannaCry exploit. For those who don’t know, Eternal Blue was designed by NSA and leaked by Shadow Brokers. The ransomware has already affected multiple countries like Ukraine, Russia, Poland, Germany, etc.
Earlier it was believed that the current malware is a variant of the older Petya ransomware, which made headlines last year. However, after further analysis, Kaspersky confirmed that it’s a new infection and they labeled it as “NotPetya.”
The working of Petya is a lot different from its other ransomware counterparts. This malware waits for about 10-60 minutes after the infection and then reboots the system using “at” or “schtasks” and “shutdown.exe” utilities. After the reboot, Petya starts encrypting MFT table in NTFS partitions and overwrites the MBR with the folder that contains ransom notes.
You can read more about Petya ransomware’s working here at Kaspersky’s Securelist blog.

How to enable Petya ransomware fix/vaccine?

Security researcher Amit Serper has found a way to prevent the Petya/NotPetya ransomware, according to a report from Bleeping Computer.
As this ransomware has made an appearance around WannaCry’s timeline, the researchers believed that there might be some killswitch domain to take care of Petya’s wrath. However, after analyzing its inner working, Serper found that Petya ransomware would cease its encryption routine if it finds a local file on disk. His finding has been confirmed by other security researchers too.
To make sure that your computer is vaccinated against Petya, you should create a file called perfc in C:\Windows folder and make it read only. Here’s how to do it —
  1. To do so, you need to first enable Windows extensions by opening Folder Options. There, uncheck the Hide extensions for known file types option.
  2. Now open C:\Windows folder and find the notepad.exe program. Select it using left-click, press Ctrl+C to copy it and use Ctrl+V to paste it.
  3. After this, a new notepad – copy.exe file will be created. Now rename this file as perfc and hit Enter. You’ll be shown a prompt that’ll ask you if you’re sure to rename it. Choose Yes and continue.
  4. Now, to make the file read-only, right-click on the file and select Properties.
  5. In the perfc Properties window, look for a Read-only checkbox at the bottom. Check it and click on Apply and then OK.
That’s all you need to do for making sure that you’re protected against Petya ransomware. Please note that it isn’t like a WannaCry killswitch that took care of the ransomware globally. This vaccine is applicable to a single computer on which it’s applied.
So, did you find this article on Petya ransomware vaccine helpful? Share your views in the comments.

Comments

Follow Us

WHAT'S HOT

Fappening 2.0 Continues: Private Photos Leak Affects Miley Cyrus, Rosario Dawson, Suki Waterhouse

ust when we thought that Fappening 2.0 leaks were over, the 4th wave just arrived. This alleged leak of private pictures has affected Miley Cyrus, Rosario Dawson, and Suki Waterhouse. Reported by myth-busting publication Gossip Cop, the pictures were first posted on notorious website Celeb Jihad.

84-year-old woman dies after being stung more than 500 times by swarm of bees (photos)

An 84-year-old woman from Brazil died after she was stung by a whole beehive She was out collecting firewood when she disturbed the bees who stung her until rescuers arrived The old woman died from the beestings on her way to the hospital 84-year-old Divina Ambrósio de Jesus from Brazil recently died after she got stung by a swarm of bees. The beestings covered the old woman's body including her face The old lady was out collecting firewood when she accidentally disturbed a beehive. The bees repeatedly sting the old lady for 30 minutes.

MC Galaxy – DIO (Refix) | prod. KrizBeatz

“With the recently released  “MMM” Album  still causing a furore online and on the streets, MCG Empire Boss –  MC GALAXY  comes through with the  refix  to  DIO  (which means come), the 3rd track of the critically acclaimed sophomore body of work.

Man beats up boyfriend of woman who spat on him on a train (Video)

A woman spat on a man on the train, but instead of the man hitting the girl he beat up her boyfriend. What do you think of his action? Watch video below.. ..