How To Protect Systems From New Global Petya Ransomware Attack By Creating perfc Windows File – Research Snipers


Currently, there is no single solid protection against the latest “Petya” ransomware attack, which spread globally on Tuesday. A computer researcher has recently discovered a way to protect your systems from the ransomware attack by creating a single file on Windows.

After a short gap of a week, WannaCry has struck the world again with greater and stronger malware. On Tuesday, WannaCry ransomware disrupted many governmental and non-governmental organizations throughout the world, including in Russia, Ukraine, Denmark, the UK, the USA and some other EU countries, by locking down their systems, banks, oil companies and airports.

Researchers explained in a blog post that they believe the EternalBlue SMB exploit was used to push the ransomware. The attack is influenced by the original Petya and comes with additional functionality: it uses PsExec on systems where it has admin credentials, and it can encrypt full hard drives. Together, these abilities allow the ransomware to replicate to any system connected to the network.

Bleeping Computer says there is a way to prevent infection. It cannot be the cure after the virus has hit a system, but it can serve as a preemptive measure: it can protect your computer and remove the vulnerabilities the ransomware attack uses to cripple your system.

Cyber security researcher Amit Serper has shared valuable information on creating one simple Windows file that will prevent the ransomware from entering the system. He assured a 98% success rate for this method.

If you have not patched your systems already, you can create a file and set it to read-only to block the potential threat of the ransomware and its execution. After infection, the ransomware looks for a local file before it executes, and this technique uses that check to block it.

HOW TO CREATE A FILE TO PREVENT RANSOMWARE

 

To enable this protective measure, create an extensionless file named perfc directly in the C:\Windows folder and set it to read-only.

First of all, enable the display of file extensions in Windows. Then open the C:\Windows folder and, in a separate tab, open the Notepad application. Create a file named perfc, hit Enter, and make sure no extension is added to it. Once the file is created, right-click on it, go to Properties, and check “Read-only.” Now copy this file to the Windows folder.

The file is now in the correct place and should display as C:\Windows\perfc. It's that simple!
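The same steps scripted in PowerShell, as an added example that is not part of the original article or of the researchers' own tooling. The function name `Set-PerfcMarker` and its `-Path` parameter are hypothetical; it assumes an elevated PowerShell session, because the default target is inside C:\Windows.

```powershell
# Added example: idempotently create the read-only, extensionless "perfc" file
# described above and report its final state. Run from an elevated session.
function Set-PerfcMarker {
    [CmdletBinding()]
    param(
        # Default is the location named in the article; the parameter exists
        # only so the function can be tried against a scratch directory first.
        [string]$Path = (Join-Path $env:SystemRoot 'perfc')
    )

    # A directory with this name is not the file the article describes.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        throw "$Path exists but is a directory; expected a file."
    }

    $created = $false
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Empty file with no extension. -ErrorAction Stop turns an
        # access-denied (non-elevated session) into a terminating error.
        New-Item -Path $Path -ItemType File -ErrorAction Stop | Out-Null
        $created = $true
    }

    # -Force so a pre-existing hidden or system file is still found.
    $item = Get-Item -LiteralPath $Path -Force
    if (-not $item.IsReadOnly) {
        $item.IsReadOnly = $true   # same effect as ticking "Read-only" in Properties
    }
    $item.Refresh()

    # Return the state so it can be logged or checked across several machines.
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Path         = $item.FullName
        Created      = $created
        ReadOnly     = $item.IsReadOnly
        HasExtension = [bool]$item.Extension   # must be False for "perfc"
    }
}

Set-PerfcMarker | Format-List
```

Running it a second time leaves the file untouched and reports `Created : False`, so it is safe to include in a logon or deployment script.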

Other researchers have also confirmed that this technique helps prevent the attack; Dave Kennedy tweeted his views in this thread.

There is no cure as yet to remove Petya from systems that have already been affected; researchers are working hard to find a solution that can kill Petya immediately and stop this global campaign. It is also possible that attackers may change the way of execution to bypass this temporary measure, which makes patching a must and the permanent cure.

So far, creating a perfc file in Windows is the measure that can help keep individuals' systems from being infected, and you should apply it as early as possible. Microsoft has not published any update on the attack and its cure; we are still waiting for their input on this global chaos.