Here are four things to know about Mr. Serper’s discovery.
1. Petya, which charges its targets $300 to decrypt their files, appears to leverage the same Windows vulnerability used in the worldwide WannaCry ransomware attack in May. The ransomware variants both exploited a vulnerability developed by the National Security Agency, which was released online by the hacker group Shadow Brokers in April.
2. However, unlike WannaCry, Petya also used two additional methods to spread its ransomware — including “stealing victims’ credentials,” according to The New York Times. Security experts note the enhanced strategy means users who updated their computer networks with the Microsoft patch prior to the Petya attack might still be vulnerable to the ransomware.
3. Mr. Serper discovered what several experts have called a “vaccine” for computers infected by Petya, NPR reports. Mr. Serper encouraged targets to create a file named “perfc,” with no extension name, in the C:\Windows folder. This fix will reportedly protect an infected computer from running the ransomware.
4. Mr. Serper took to Twitter June 27 to emphasize “This is not a generic Killswitch like @MalwareTechBlog found, it’s a temporary workaround.” In May, a 22-year-old U.K. security researcher — who goes by the online name “MalwareTech” — discovered a ‘kill switch’ in the WannaCry software’s code, which stopped the ransomware from distributing to new devices.