
Researchers Found a Vaccine for Petya/NotPetya Ransomware


Lately, the news feed has been full of ransomware attacks that get bolder every day. These attacks have evolved from just infecting personal computers to targeting governments, official institutions and even businesses. Now there is a new threat that needs addressing: Petya/NotPetya Ransomware.

The latest event happened in Ukraine, when a new ransomware called NotPetya put everyone on hold. This is a new strain that uses some parts of the old Petya (launched in 2016) and targets computers running Microsoft Windows. The ransomware locks the MFT and MBR sections of a hard drive and prevents the operating system from booting. In typical ransomware form, the infected user needs to pay a ransom in bitcoins to get their computer back. However, the email address to send the payment to has been shut down, so it's impossible to pay to get your computer back. If you're infected, you have lost that computer and its data. It will also spread throughout your network, so make sure you disconnect any infected computers from the network straight away.

As you can see, the effect is simple and straightforward. But, can you imagine what this would do to your business? Not being able to access important data for your company and not being able to communicate with your customers?

Petya/NotPetya Ransomware is stoppable and it’s not difficult

The first reaction in the cyber security community was to analyze the Petya/NotPetya Ransomware and look for loopholes or weaknesses that could be used to create a kill switch. During that analysis, a researcher from Cybereason security actually created a vaccine that will protect any computer from being infected with a version of the Petya/NotPetya Ransomware.

In order to apply this vaccine, every individual user has to create a certain file on their computer and set it to read-only. This way, Petya/NotPetya Ransomware will be blocked from executing and the computer won’t get infected. However, this will only work if every user is updated and follows the instructions. Otherwise, important computers may still remain unprotected.

How to vaccinate your computer: Step-by-Step instructions

A trusted computer information website called Bleeping Computer has created the following instructions, which we have tested and found to work correctly. The original guide is available here.

First, configure Windows to show file extensions. For those who do not know how to do this, you can use this guide.

Once you have enabled the viewing of extensions, which you should always have enabled, open up the C:\Windows folder. Then scroll down until you see the notepad.exe program.

When you see the notepad.exe program, left-click on it to highlight it. Then press Ctrl+C to copy and then Ctrl+V to paste it. When you paste it, you will receive a prompt asking you to grant permission to copy the file.


Press the Continue button and you will see a notepad – Copy.exe file. Left-click on this file, press the F2 key on your keyboard, erase the notepad – Copy.exe file name and type perfc.

Then press Enter on your keyboard. You will now receive a prompt asking if you are sure you wish to rename it.
Click on the Yes button. Windows will once again ask for permission to rename a file in that folder. Click on the Continue button.

Now, we need to make it read only. To do that, right-click on the file and select Properties.

At the bottom will be a Read-only checkbox. Put a checkmark in it as shown in the image below.


Now click on the Apply button and then the OK button. While in my tests, the C:\windows\perfc file is all I needed to vaccinate my computer, it has also been suggested that you create C:\Windows\perfc.dat and C:\Windows\perfc.dll to be thorough. You can redo these steps for those vaccination files as well.

Your computer should now be safe against the Petya/NotPetya Ransomware.
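
The manual steps above, scripted in PowerShell as an added example (it is not part of the original guide). It assumes an elevated PowerShell session; the file names come from the steps above and the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the manual vaccination steps from the guide above.
# File names come from the guide; variable names are illustrative.

$winDir = $env:windir                          # normally C:\Windows
$source = Join-Path $winDir 'notepad.exe'      # the file the guide copies
$names  = 'perfc', 'perfc.dat', 'perfc.dll'

$results = foreach ($name in $names) {
    $path = Join-Path $winDir $name

    if (Test-Path -LiteralPath $path -PathType Container) {
        # A folder with this name is not the read-only file the guide describes.
        [pscustomobject]@{ Path = $path; Status = 'is a folder, fix by hand'; ReadOnly = $false }
        continue
    }

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $status = 'already present'
    } else {
        # Same as copy, paste and rename in Explorer.
        Copy-Item -LiteralPath $source -Destination $path -ErrorAction Stop
        $status = 'created'
    }

    # Same effect as ticking Read-only in the Properties dialog.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true -ErrorAction Stop

    [pscustomobject]@{
        Path     = $path
        Status   = $status
        ReadOnly = (Get-Item -LiteralPath $path -Force).IsReadOnly
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a deployment tool flag machines that are not vaccinated.
if ($results.ReadOnly -contains $false) { exit 1 }
```

Running it a second time reports each file as already present and re-checks the read-only attribute, so it can also be used to verify a machine that was vaccinated by hand.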

Onsite Helper is protecting your Business

As always, we are here for our clients and our team is ready to help you. Even better, Onsite Helper is a step ahead: all our VIP managed service clients have already had this vaccine automatically pushed out to all computers and servers. So, if you are one of our VIP businesses, you don’t need to worry about this.


Sadly, we can’t cover clients that don’t use our VIP managed services. Since our monitoring and security software is not on your machines, we don’t have the necessary access to push this vaccine automatically. This means that you will have to install this vaccine manually. Or, better yet, give us a call and we’ll do it for you!


In the end, we strongly recommend that all our customers consider using our VIP managed services. Onsite Helper, as a Google Workspace partner, has helped businesses in Melbourne, Victoria, and all over Australia. To learn more about how to protect your business from these attacks in future, click here.

Disclaimer

Please note that this vaccine only protects against the current Petya/NotPetya Ransomware. Future variations of Petya may not be stopped by this patch, and it won’t protect against the thousands of other ransomware and malware strains either.
