Kill-Switch for Petya ransomware on Windows
PT Security, a UK-based cyber security company and Amit Serper from Cybereason, have discovered a Kill-Switch for Petya ransomware. According to a tweet, company has advised users to create a file i.e. “C:\Windows\perfc” (without extension) to prevent ransomware infection.You need Administrator privileges to write into that directory
How to do it?
- Click on Start and type “cmd” without quotes
- Right click on it and choose “Run as administrator”
- Type “cd..” to navigate to previous directory
- Type “copy con perfc” and press Enter
- Type any random text. When you are finished press “Enter” to go to a new line and press “Ctrl” + “Z” to create the new file
- Type “dir pe*” to confirm it.
- Change attribute of the newly created file by executing the following command “attrib +R perfc”
- Repeat these steps 4 to 7 replacing “perfc” with “perfc.dll” and “perfc.dat” at the same directory
Petya Ransomware works by encrypting the Master File Table (MFT). If your system is rebooting after infection turn it off immediately to prevent files being encrypted.
Stay tuned for further updates.
Possibly Related Posts:
- International Information Security Conference “c0c0n 2017” on August 18, 19 at Cochin, Kerala
- International Information Security Conference “c0c0n 2016” on August 19, 20 at Kollam, Kerala
- 2GB of free Google Drive storage when you take your Security Checkup today
- Recover your Gmail and Orkut accounts from Bom Sabado attack
- c0c0n : International Security and Hacking Conference at Cochin, Kerala