Tuesday brought another global outbreak of ransomware similar to the WannaCry situation. The discovered ransomware is a Petya variant and security researchers are continuing to analyze how it works. In the process, security researcher, Amit Serper has found a way to prevent the Petya (NotPetya/SortaPetya/Petna) ransomware from infecting computers. Serper was the first to discover that NotPetya would search for a local file and would exit its encryption routine if that file already existed on disk. The simple solution is to put a read-only file called perfc in the C:\Windows folder. To make it simple, Bleeping Computer has a batch file to automate the process at https://download.bleepingcomputer.com/bats/nopetyavac.bat for those who don't feel comfortable manually creating the file. For those propeller heads that want to run through the process manually, the post shows you everything you need to know, including screenshots.
E-mail: firstname.lastname@example.org Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology