Boston security researcher discovers 'vaccine' for Petya ransomware: 4 things to know

Amit Serper, a security researcher at Boston-based Cybereason, discovered a fix to aid computers infected by Petya June 27. However, he emphasized the solution is only a "workaround," not a killswitch.

Here are four things to know about Mr. Serper's discovery.

1. Petya, which charges its targets $300 to unencrypt their files, appears to leverage the same Windows vulnerability used in the worldwide WannaCry ransomware attack in May. The ransomware variants both exploited a vulnerability developed by the National Security Agency, which was released online by the hacker group Shadow Brokers in April.

2. However, unlike WannaCry, Petya also used two additional methods to spread its ransomware — including "stealing victims' credentials," according to The New York Times. Security experts note the enhanced strategy means users who updated their computer networks with the Microsoft patch prior to the Petya attack might still be vulnerable to the ransomware.

3. Mr. Serper discovered what several experts have called a "vaccine" for computers infected by Petya, NPR reports. Mr. Serper encouraged targets to create a file named "perfc," with no extension name, in the C:\Windows\ folder. This fix will reportedly protect an infected computer from running the ransomware.

4. Mr. Serper took to Twitter June 27 to emphasize "This is not a generic Killswitch like @MalwareTechBlog found, it's a temporary workaround." In May, a 22-year-old U.K. security researcher — who goes by the online name "MalwareTech" — discovered a 'kill switch' in the WannaCry software's code, which stopped the ransomware from distributing to new devices.

More articles on health IT:
Global ransomware 'Petya' hits Merck, Pennsylvania health system: 5 things to know
Are female-led US tech startups more likely to hire women? 3 survey insights
Viewpoint: IBM Watson 'choking on its own hype' in healthcare

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months