Posts Tagged ‘Petya ransomware’

Kill-Switch for Petya ransomware on Windows

June 28th, 2017 No comments

PT Security, a UK-based cyber security company and Amit Serper from Cybereason, have discovered a Kill-Switch for Petya ransomware. According to a tweet, company has advised users to create a file i.e. “C:\Windows\perfc” (without extension) to prevent ransomware infection.You need Administrator privileges to write into that directory

How to do it?

  1. Click on Start and type “cmd” without quotes
  2. Right click on it and choose “Run as administratorcmd with admin privilages
  3. Type “cd..” to navigate to previous directory
  4. Type “copy con perfc” and press Enter copy con
  5. Type any random text. When you are finished press “Enter” to go to a new line and press “Ctrl” + “Z” to create the new file create new file
  6. Type “dir pe*” to confirm it.
  7. Change attribute of the newly created file by executing the following command “attrib +R perfcchange attributes to read only
  8. Repeat these steps 4 to 7 replacing “perfc” with “perfc.dll” and “perfc.dat” at the same directory

Petya Ransomware works by encrypting the Master File Table (MFT). If your system is rebooting after infection turn it off immediately to prevent files being encrypted.

Stay tuned for further updates.


Possibly Related Posts: