Security researcher Amit Serper has found a way to prevent the Petya/NotPetya ransomware, according to a report from Bleeping Computer.
As this ransomware has made an appearance around WannaCry’s timeline, the researchers believed that there might be some killswitch domain to take care of Petya’s wrath. However, after analyzing its inner working, Serper found that Petya ransomware would cease its encryption routine if it finds a local file on disk. His finding has been confirmed by other security researchers too.
To make sure that your computer is vaccinated against Petya, you should create a file called perfc in C:\Windows folder and make it read only. Here’s how to do it —
To do so, you need to first enable Windows extensions by opening Folder Options. There, uncheck the Hide extensions for known file types option.
Now open C:\Windows folder and find thenotepad.exe program. Select it using left-click, press Ctrl+C to copy it and use Ctrl+V to paste it.
After this, a new notepad – copy.exe file will be created. Now rename this file as perfc and hit Enter. You’ll be shown a prompt that’ll ask you if you’re sure to rename it. Choose Yes and continue.
Now, to make the file read-only, right-click on the file and select Properties.
In the perfc Properties window, look for a Read-only checkbox at the bottom. Check it and click on Apply and then OK.
That’s all you need to do for making sure that you’re protected against Petya ransomware. Please note that it isn’t like a WannaCry killswitch that took care of the ransomware globally. This vaccine is applicable to a single computer on which it’s applied.
So, did you find this article on Petya ransomware vaccine helpful? Share your views in the comments.