A Kill Switch or Vaccination for the Petrwrap or NoPetya or NotPetya Ransomware has been found that can kill the ransomware in its tracks and save your computer from being infected. The NotPetya Ransomware has already created havoc in most parts of the world.
NotPetya spreads using the EternalBlue exploit, which targets computers that use SMBv1. It also uses the Windows WMIC and PsExec tools. The ransomware is capable of attacking and infecting all Windows systems. It overwrites the Master Boot Record and, on reboot, blocks access to the computer. Once it has infected your computer, it demands a ransom of $300 in Bitcoin.
However, there are some basic precautions you can take, and they are:
- Install all Windows patches
- Block SMB1 across your network
- Use a tool like MBR filter to block write access to the Master Boot Record
More details about how this ransomware operates can be found on Cybereason.com.
NotPetya Ransomware Vaccination
Cybereason Principal Security Researcher Amit Serper tweeted that he has discovered a vaccination that stops NotPetya ransomware in its tracks.
To activate the vaccination mechanism, you have to create a file named perfc, with no extension, and place it in the C:\Windows folder.
When NotPetya ransomware runs, it searches for this file in the C:\Windows folder, and if it is found, it ceases its operation.
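The steps above can be scripted so the file is created consistently and the "no extension" requirement is actually checked. The following PowerShell is an added example, not code from Cybereason or from this article; the function names Set-PerfcMarker and Get-Smb1ServerState are hypothetical, and it assumes an elevated PowerShell session. It also reports whether the SMB1 server protocol named in the precautions list is still enabled.

```powershell
#Requires -RunAsAdministrator
# Added example: place the extensionless "perfc" file described above and
# report the SMB1 server setting. Function names are illustrative only.
param(
    [string]$WindowsDir = 'C:\Windows'   # folder named in the article
)

function Set-PerfcMarker {
    param([string]$Dir)
    $target = Join-Path $Dir 'perfc'

    # A folder called perfc is not the file the article describes.
    if (Test-Path -LiteralPath $target -PathType Container) {
        throw "$target exists but is a directory; remove or rename it first."
    }

    # Editors such as Notepad often append an extension (perfc.txt).
    # Flag look-alikes so they are not mistaken for the extensionless file.
    Get-ChildItem -LiteralPath $Dir -Filter 'perfc.*' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension } |
        ForEach-Object { Write-Warning "Found $($_.Name): it has an extension and is not the file named perfc." }

    if (Test-Path -LiteralPath $target -PathType Leaf) {
        return 'AlreadyPresent'
    }

    # Create an empty file with no extension; fail loudly if this is denied.
    New-Item -Path $target -ItemType File -ErrorAction Stop | Out-Null
    return 'Created'
}

function Get-Smb1ServerState {
    # Get-SmbServerConfiguration ships with Windows 8 / Server 2012 and later.
    if (-not (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)) {
        return 'Unknown (cmdlet not available on this Windows version)'
    }
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
}

# One summary object per machine, convenient for collecting across hosts.
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    PerfcFile  = Set-PerfcMarker -Dir $WindowsDir
    Smb1Server = Get-Smb1ServerState
}
```

Running it a second time returns AlreadyPresent rather than recreating the file, so it is safe to schedule or push repeatedly.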
Ransomware attacks are on the rise, and all computer users need to take some basic precautions to secure their systems. One can also consider free anti-ransomware software such as RansomFree as an additional security layer.