The ransomware nightmares are back again. Just over a month after the devastating WannaCry ransomware crippled hundreds of thousands of computers around the world, a new strain of the Petya ransomware affected many organisations in Ukraine, Russia and Western Europe on Tuesday.
Cyber security researchers said that this new ransomware borrows some code from the Petya ransomware, which first started circulating in 2016. Because it is a completely new strain of the older threat, experts now prefer to call the ransomware "NotPetya," "Petna," or "GoldenEye."
At a time when people around the world are scurrying for preventive measures to better defend against the Petya ransomware, Cybereason security researcher Amit Serper has reportedly found a way to prevent Petya from infecting computers.
While analysing the internals of the ransomware, Serper discovered that it would search for a specific local file in an infected computer, and would stop its encryption process if it locates the file on the disk.
98% sure that the name is perfc.dll. Create a file in c:\windows called perfc with no extension and #petya #Nopetya won't run! SHARE!! https://t.co/0l14uwb0p9
— Amit Serper (@0xAmit) June 27, 2017
Following Serper's initial findings, other security researchers like PT Security and TrustedSec also took to Twitter to confirm the same. Users need to create that file on their computers and set it to read-only, which prevents the Petya ransomware from executing its encryption routine.
Serper, however, prefers to call it a "fix" rather than a kill switch, probably because it requires users to create the local file, unlike a "switch" that allows developers to turn it on to thwart potential infections.
How to enable the Petya fix
To avoid the Petya infection, users need to create a file called perfc in the C:\Windows folder and make it read-only. Users should note, however, that it's a temporary fix.
Here are the steps showing how to do it:
Step 1: Configure Windows to show file extensions. Check out this guide if you are not sure how to do it.
(Also make sure that the option to "Show hidden files, folders, and drives" is checked.)
Step 2: Open up the C:\Windows folder, and scroll down to the notepad.exe program.
Step 3: Left-click on notepad.exe to highlight it, then press Ctrl+C to copy and Ctrl+V to paste it.
Step 4: Click on the Continue button to grant permission to copy the file.
(A new file will be created as notepad - Copy.exe)
Step 5: Now, erase the notepad - Copy.exe file name and rename it as perfc.
Step 6: After renaming the file, press Enter on your keyboard, and click on the Yes button when you get a prompt asking if you are sure you want to rename it.
Step 7: You will be asked for permission to rename a file in the C:\Windows folder. Click on the Continue button to proceed.
Step 8: To make it read-only, right-click on the file and select Properties from the drop-down menu.
Step 9: Under the General section, make sure that the Read-only attribute is checked. After that click on the Apply button, followed by the OK button.
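The same result as Steps 2 to 9 can be scripted. The PowerShell below is an added example, not part of the original article or Serper's instructions: it creates the perfc file (no extension) in the Windows folder, marks it read-only and verifies the result. It assumes an elevated session and that an empty file is sufficient, since the tweet asks only for a file with that name.

```powershell
# Added example: scripted equivalent of the manual steps above.
# Assumption: an empty file named "perfc" is enough; the article copies
# notepad.exe only as a convenient way to obtain a file to rename.
$ErrorActionPreference = 'Stop'

# Writing into the Windows folder requires administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

# $env:windir resolves to C:\Windows on a default installation.
$path = Join-Path $env:windir 'perfc'

# A folder with the same name would block creation of the file.
if (Test-Path -LiteralPath $path -PathType Container) {
    throw "$path exists but is a folder, not a file."
}

# Create the file only if it is missing, so the script is safe to re-run.
if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
    New-Item -ItemType File -Path $path | Out-Null
}

# Set the Read-only attribute (Steps 8 and 9). -Force also finds hidden files.
$file = Get-Item -LiteralPath $path -Force
$file.IsReadOnly = $true

# Verify: the name must have no extension and the attribute must have stuck.
$file.Refresh()
if ($file.Extension -ne '') {
    throw "Unexpected extension on $($file.FullName)."
}
if (-not $file.IsReadOnly) {
    throw "Failed to set Read-only on $($file.FullName)."
}

Write-Output "OK: $($file.FullName) exists and is read-only."
```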
[Source: Bleeping Computer]