The latest ransomware, which is named Petya, is locking the computer of government offices and already affected the Chernobyl nuclear plant and Ukraine’s electricity supplier. Security researcher Amit Serper had managed to find a trick to defend your computer against Petya ransomware.
Petya Ransomware Attack: Here’s How It Can Be Stopped
The previous month, we have seen WannaCry ransomware spread at a very fast pace and infected thousands of computers all over the world. Recently, the similar type of attack had been spotted in Ukraine banks. The new ransomware campaign has taken Ukraine banks offline.
The latest Ransomware attack is locking the computer of government offices and already affected the Chernobyl nuclear plant and Ukraine’s electricity supplier.
The latest ransomware which goes by the name Petya, has infected 60% computers in Ukraine, followed by 30% in Russia. USA, Poland, UK, Germany, and France had recorded the remaining 10% of infection.
It is said that Petya Ransomware exploits the Eternal Blue vulnerability, which is the same vulnerability exploited by the creators of WannaCry ransomware.
However, Petya Ransomware works in a different manner. This ransomware waits for about 10 to 60 minutes after the infection and then restarts the system using ‘at’, ‘schtasks’ or ‘shutdown.exe’ utilities. Once rebooted, the ransomware starts to encrypt the MFT table in NTFS partitions and overwrites the MBR with the folder that holds ransom notes.
If you want to read the full details on how Petya Ransomware works, you need to visit Kaspersky’s Securelist blog. According to the reports from Bleeping Computer, Security researcher Amit Serper had somehow managed to find a trick to defend your computer against Petya ransomware.
Amit Serper had analyzed the working of Petya Ransomware and found that the ransomware would terminate its encryption process if it finds a local file on a disk. The findings have been confirmed by few other researchers too.
Step 1. First of all, you need to enable the Windows extension. For that, you need to open the Folder Options and then uncheck the option ‘Hide Extensions for known file types’
Step 2. Now you need to go to C:\Windows and there you need to find notepad.exe program
Step 3. You need to copy and paste the file in the same folder. Select the file and then press CTRL+C to copy and Paste using CTRL+V.
Step 4. Now you will see a new notepad-copy.exe. You need to rename the file as perfc and the hit Enter. You will be promoted to make sure you want the changes or not, just click on Yes to continue.
Step 5. Now right click on the file and the click on ‘Properties’ and under the Attributes, check the option ‘Read-only’ and then click on Apply and then Ok.
This is what you can do to protect your computer against Petya ransomware. Share this post with your friends to help then secure their computer. So, what do you think about this? Share your views in the comment box below.