Boston security researcher discovers 'vaccine' for Petya ransomware: 4 things to know

Amit Serper, a security researcher at Boston-based Cybereason, discovered a fix June 27 to aid computers infected by Petya. However, he emphasized the solution is only a "workaround," not a killswitch.

Here are four things to know about Mr. Serper's discovery.

1. Petya, which charges its targets $300 to decrypt their files, appears to leverage the same Windows vulnerability used in the worldwide WannaCry ransomware attack in May. The ransomware variants both exploited a vulnerability developed by the National Security Agency, which was released online by the hacker group Shadow Brokers in April.

2. However, unlike WannaCry, Petya also used two additional methods to spread its ransomware — including "stealing victims' credentials," according to The New York Times. Security experts note the enhanced strategy means users who updated their computer networks with the Microsoft patch prior to the Petya attack might still be vulnerable to the ransomware.

3. Mr. Serper discovered what several experts have called a "vaccine" for computers infected by Petya, NPR reports. Mr. Serper encouraged targets to create a file named "perfc," with no file extension, in the C:\Windows\ folder. This fix will reportedly protect an infected computer from running the ransomware.

4. Mr. Serper took to Twitter June 27 to emphasize "This is not a generic Killswitch like @MalwareTechBlog found, it's a temporary workaround." In May, a 22-year-old U.K. security researcher — who goes by the online name "MalwareTech" — discovered a 'kill switch' in the WannaCry software's code, which stopped the ransomware from distributing to new devices.

Copyright © 2023 Becker's Healthcare. All Rights Reserved.