Possible “Vaccine” for Petya Ransomware Found
Amit Serper, a security researcher at Boston-based Cybereason, discovered a fix to aid computers infected by Petya June 27. However, he explained this solution is only a "workaround," not a killswitch.
Here are four things to know about Mr. Serper's discovery.
1. Petya, which charges its targets $300 to unencrypt their files, appears to leverage the same Windows vulnerability used in the worldwide WannaCry ransomware attack in May. The ransomware variants both exploited a vulnerability developed by the National Security Agency, which was released online by the hacker group Shadow Brokers in April.
2. However, unlike WannaCry, Petya also used two additional methods to spread its ransomware — including stealing victims' credentials. Security experts note the enhanced strategy means users who updated their computer networks with the Microsoft patch prior to the Petya attack might still be vulnerable to the ransomware.
3. Mr. Serper discovered what several experts have called a "vaccine" for computers infected by Petya. Mr. Serper encouraged targets to create a file named "perfc," with no extension name, in the C:\Windows\ folder. This fix will reportedly protect an infected computer from running the ransomware.
4. Mr. Serper took to Twitter June 27 to emphasize "This is not a generic Killswitch, it's a temporary workaround."
Serper’s twitter is https://twitter.com/0xAmit and has his explanation of how this works and what to do ifyou are infected.
(Story via Becker’s Hospital Review)