Petya Vaccine Found:
Video + Walkthrough
Written by Marc Lande, MDS
Cyber security researcher Amit Serper has found a way to prevent the Petya ransomware from infecting computers.
WannaCry all over again.
Similar to the WannaCry disaster that took over the globe a few months ago, Petya operates by asking victims to pay a $300 ransom to unlock their files. The ransomware has been wreaking havoc across the globe since Tuesday, locking the hard drive's MFT and MBR sections and preventing computers from booting.
Amit Serper’s Discovery:
Serper was the first to discover that this new strain of Petya searches for a local file and exits its encryption routine if that file already exists on disk. His findings were also confirmed by other security researchers: PT Security, TrustedSec, and Emsisoft.
How This Helps You:
Those vulnerable now have the ability to create that local file on their PCs, set it to “read-only” and effectively block the ransomware from infecting their computers.
How to Enable the Vaccine:
To vaccinate your computer so that it cannot be infected by the current strain, create a file called perfc in the C:\Windows folder and make it read-only. For those who want a quick and easy way to perform this task, Lawrence Abrams from Bleeping Computer has created a batch file that performs this step for you, which you can download by filling out the corresponding form.
Step One: Configure Windows to show file extensions by making sure the Folder Options setting “Hide extensions for known file types” is unchecked, as shown below.
Step Two: After you have enabled the viewing of extensions (which should always be enabled) open up the C:\Windows folder. Once the folder is open, scroll down till you see the notepad.exe program.
Step Three: Once you see the notepad.exe program, left-click on it once so it is highlighted. Then press Ctrl+C to copy and then Ctrl+V to paste it. When you paste it, you will receive a prompt asking you to grant permission to copy the file.
Step Four: Press the Continue button and the file will be created as notepad - Copy.exe. Left-click on this file and press the F2 key on your keyboard, then erase the notepad - Copy.exe file name and type perfc as shown below.
Step Five: Once the filename has been changed to perfc, press Enter on your keyboard. You will now receive a prompt asking if you are sure you wish to rename it.
Click on the Yes button. Windows will once again ask for permission to rename a file in that folder. Click on the Continue button.
Now that the perfc file has been created, make it read-only. To do that, right-click on the file and select Properties as shown below.
The properties menu for this file will now open. At the bottom will be a checkbox labeled Read-only. Put a check-mark in it as shown in the image below.
Step Six: Click the Apply button and then click OK. The Properties window should now close. To be as thorough as possible, it is recommended that you also create C:\Windows\perfc.dat and C:\Windows\perfc.dll. You can repeat these steps for those vaccination files as well.
Your computer should now be vaccinated against the NotPetya/SortaPetya/Petya Ransomware.
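The same steps as a PowerShell script, added here as an example; it is not the Bleeping Computer batch file or code from the original post. It assumes an elevated prompt and that an empty file is sufficient, since the walkthrough only requires each file to exist and be read-only; the function name Set-PetyaVaccine is made up for this example.

```powershell
# Added example: creates the three vaccine files named in the walkthrough
# and marks them read-only. Run from an elevated PowerShell prompt.
function Set-PetyaVaccine {
    param(
        # Assumption: Windows is installed in the default location the page uses.
        [string]$Directory = 'C:\Windows'
    )

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $admin     = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($admin)) {
        throw "Writing to $Directory requires an elevated (Administrator) prompt."
    }

    foreach ($name in 'perfc', 'perfc.dat', 'perfc.dll') {
        $path = Join-Path -Path $Directory -ChildPath $name

        # A directory with this name is not the file the walkthrough creates.
        if (Test-Path -LiteralPath $path -PathType Container) {
            Write-Warning "$path is a directory, not a file; fix this by hand."
            continue
        }

        # Create an empty file only if nothing is there; never overwrite.
        if (-not (Test-Path -LiteralPath $path)) {
            New-Item -ItemType File -Path $path | Out-Null
        }

        # Set the Read-only attribute (same as the Properties checkbox).
        $file = Get-Item -LiteralPath $path -Force
        $file.IsReadOnly = $true

        # Re-read from disk so the report reflects what was actually stored.
        $check = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Path     = $check.FullName
            ReadOnly = $check.IsReadOnly
        }
    }
}

Set-PetyaVaccine | Format-Table -AutoSize
```

Each of the three paths should be listed with ReadOnly set to True; a missing row means that name was skipped with a warning.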
This information was received from a post in Bleeping Computer by Lawrence Abrams and Catalin Cimpanu.