A security researcher has found a fix for the latest Petya Ransomware attack. For now, you can vaccinate your system in seconds by creating a particular file. If Petya finds that file on the disk, it stops the encryption business. Please note that users need to create this file independently on each computer and it doesn’t fix things globally like WannaCry killswitch. Yesterday we reported about the deadly Petya ransomware which exploits Eternal Blue vulnerability, the same exploit which was used by the creators of WannaCry exploit. For those who don’t know, Eternal Blue was designed by NSA and leaked by Shadow Brokers. The ransomware has already affected multiple countries like Ukraine, Russia, Poland, Germany, etc.
Security researcher Amit Serper has found a way to prevent the Petya/NotPetya ransomware, according to a report from Bleeping Computer.
As this ransomware has made an appearance around WannaCry’s timeline, the researchers believed that there might be some killswitch domain to take care of Petya’s wrath. However, after analyzing its inner working, Serper found that Petya ransomware would cease its encryption routine if it finds a local file on disk. His finding has been confirmed by other security researchers too.
To make sure that your computer is vaccinated against Petya, you should create a file called perfc in C:\Windows folder and make it read only.
Source: https://fossbytes.com/petya-ransomware-vaccine-fix/
Submitted by: Arnfried Walbrecht
Why does FCM care ?
Comments are closed.