Security Researcher Finds Petya “Vaccine”

June 29, 2017
By Marcos Colon

A security expert has found a way from preventing the nasty Petya ransomware from infecting computers.

Although not considered a killswitch, Cyberason security researcher Amit Serper found that the ransomware searches for a local file and will exit the encryption process if the file already existed on the disk, according to a report by Bleeping Computer.

If victims create the file on their machines – and set it to read-only – it blocks the ransomware from executing. “Assuming that the original name of the dll is perfc.dll then placing a file in c:windows called perfc should make the ransomware not to run,” Serper tweeted on Tuesday.

Each computer must independently create this file, which is why this method is only considered a vaccine and not a kill switch.

On Tuesday, the ransomware – which was first believed to be a variant of the Petya malware, but now is believed to be a new strain which borrowed code from Petya – impacted major companies in Spin, India, the UK, and the U.S.

prestitial ad