A new variant of the Petya (NotPetya/SortaPetya/Petna) ransomware, which has been infecting computers all over the world in the past day, has now got a vaccine which you can try out in case your computer is busted.
This new ransomware strain, which has been spreading through the interwebs as fast as WannaCry, actually looks for a file on an infected machine, and if it finds it – it will exit its encryption routine.
So what people with infected machines need to do is create that file, set it to read-only and the ransomware will basically become useless. The findings have been confirmed by multiple cyber-security organisations, which you can find here, here and here.
Researchers did stress that this is a vaccine, and not a kill switch. After all, each machine needs to create this file separately.
What you want to do is create a file named perfc in the C:\Windows folder and make it read only.
There's also a batch file that does everything for you, in case you can't be bothered.
According to Malwarebytes, a Ukrainian software company called Me Doc “pushed an update which installed the malware on the “victim zero” system. Then, using a mix of PSExec, WMI, and EternalBlue, it was able to spread to every other computer on the network.”
Me Doc has claimed that this isn’t the case, but Malwarebytes cannot confirm that this was the source of the original infection.
Also, in case you’re infected, you should definitely not pay the ransom. The email service that hosted the address where victims were supposed to send their payments has closed the account.
Image Credit: WK1003Mike / Shutterstock