Petya Ransomware Vaccine Helps Protect Systems, But No Kill Switch To Stop The Cyberattack From Spreading
A "vaccine" can protect computers against the crippling Petya ransomware that began wreaking havoc globally on Tuesday, June 27, but no kill switch is available yet.
Security researchers have found a trick to stop the ransomware in its tracks with a read-only file. Because this is not a kill switch, the solution only works locally, on one computer at a time, and there's no way to stop the cyberattack from spreading and infecting more computers worldwide.
Petya Ransomware Vaccine
The gruesome cyberattack that crippled several organizations worldwide is still a mystery when it comes to its origins or its purpose. The attackers demanded a $300 ransom, and because that is not such a large sum, there has been speculation that the attack might be a political statement or have some other goal of causing massive disruption.
Some speculated that the attack might have originated from Russia, but Russian oil company Rosneft was hit as well. While security researchers have yet to come up with a kill switch to prevent this ransomware from spreading any further, there is a way to stop the attack on a machine and it only takes a single file.
To stop the attack, all one has to do is create a file named "perfc" (without the quotation marks) in the "C:\Windows" folder on a computer and make it read-only. Security news site BleepingComputer has more details on how this trick works, and other security experts have confirmed that it's a good solution.
The fix has limited effectiveness considering that users have to manually create the read-only file on one computer at a time, but it's better than nothing and should limit the damage until researchers create a kill switch to disable the ransomware altogether. For now, the "perfc" file can only protect the computer it's on.
BleepingComputer's Lawrence Abrams has also created a batch file to make it easier and quicker for users to "vaccinate" their computers. For those who want to perform this task manually, BleepingComputer has a detailed guide with step-by-step instructions on how to do it.
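The manual step described above can be scripted so it is safe to run repeatedly on the same machine. This is an added example, not BleepingComputer's batch file; the function name `Set-PerfcVaccine` and its `WindowsDir` parameter are hypothetical, and writing to the Windows folder requires an elevated prompt.

```powershell
# Added example: create the read-only "perfc" file once, then verify it.
# Assumption: Set-PerfcVaccine and -WindowsDir are illustrative names only.
function Set-PerfcVaccine {
    [CmdletBinding()]
    param(
        # Defaults to the Windows folder; pass a scratch directory to try it out.
        [string]$WindowsDir = $env:SystemRoot
    )

    $path   = Join-Path -Path $WindowsDir -ChildPath 'perfc'
    $action = 'AlreadyProtected'

    if (-not (Test-Path -LiteralPath $path)) {
        # Create an empty file; an existing file is never overwritten.
        New-Item -ItemType File -Path $path -ErrorAction Stop | Out-Null
        $action = 'Created'
    }

    $item = Get-Item -LiteralPath $path -Force
    if ($item.PSIsContainer) {
        throw "$path exists but is a directory; inspect it manually."
    }

    if (-not $item.IsReadOnly) {
        # The file must be read-only for the trick described above.
        $item.IsReadOnly = $true
        if ($action -ne 'Created') { $action = 'MadeReadOnly' }
    }

    # Re-read from disk so the report reflects the real state, not our intent.
    $item = Get-Item -LiteralPath $path -Force
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $item.FullName
        ReadOnly = $item.IsReadOnly
        Action   = $action
    }
}

Set-PerfcVaccine
```

The returned object records what was done on this one computer; every other machine still needs its own run.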
Petya Ransomware Details
This crippling ransomware hit Ukraine the hardest, but it quickly spread across Europe and beyond, hitting several countries including the UK, Australia, the United States, and more.
One version of the Petya ransomware has been referred to as "NotPetya" and it initially spreads through phishing emails. Once it infects a system, it demands $300 in bitcoin as ransom. If it manages to get hold of a system behind a firewall, it can rapidly spread to other computers on the same network.
This cyberattack spreads similarly to the WannaCry attack from May, using an exploit dubbed "EternalBlue" in Microsoft's Server Message Block (SMB v1) protocol. However, that exploit received a patch a good while ago, yet this ransomware keeps spreading at an alarmingly rapid pace.
Lastly, it's worth pointing out that even if a machine gets the "vaccine" and becomes immune to the attack, it's still a "carrier" and can help further spread the ransomware to other systems on the same network.