Initially, hackers and researchers believed that it was an advanced version of the WannaCry ransomware, but in fact there is no relation between the WannaCry and Petya ransomware. The two use different techniques to spread the infection. Other names for the Petya ransomware are NotPetya, Petya or SortaPetya.
On Bleepingcomputer.com, they've already posted a vaccine/solution with which you can easily protect your system from the Petya ransomware attack.
Because of its huge reach worldwide, many researchers have already started analyzing how the Petya ransomware works.
Amit Serper is the researcher who found a way to stop this malware infection; all you need to know is the original name of the file.
Serper's initial findings were later confirmed by other security researchers such as TrustedSec, Emsisoft etc. You simply need to create a file with no extension in your C:\windows directory, which blocks further execution of the NotPetya ransomware.
Process to Apply Vaccine for Petya Ransomware
You need to create a file named “perfc” in the “C:\Windows” directory and make it read-only. If you are unable to create a read-only file in the Windows directory, the easiest alternative is to create that file, with no extension, with the help of a BATCH file.
For advanced users: if you want to create the “perfc” file manually, you first need to change one setting in Folder Options, i.e. “Hide Extensions for known file types”; simply uncheck this option.
After that, open the C:\Windows directory and find the “Notepad.exe” file. Copy and paste that file into the same directory; the default name of the copy will be “Notepad – Copy.exe”. Press F2 to rename this file, type “perfc” and save it.
When Windows asks for permission to copy the file, press Continue to create the copy of Notepad.exe.
Once the filename has been changed to perfc, you will get a warning message; simply click the YES button.
After that, right-click the file and click Properties. In the dialog box that pops up, tick the “Read-Only” option and apply the changes.
The Properties window should close and your computer should now be vaccinated against the Petya/NotPetya ransomware.
Here is another way of doing it.
- Open a cmd prompt with administrative permissions.
- On Windows 8 onwards, right-click the “Start” button and click Command Prompt (Admin).
- On Windows 7, left-click the Start button > All Programs > Accessories, then right-click Command Prompt and select “Run As Administrator”.
- Run this command: fsutil file createnew c:\windows\perfc.dat 1000
- It should say the file is created.
- Now run: attrib +R C:\Windows\perfc.dat
- You should now have the correct file as read only.
You can also apply Petya Vaccine with the help of group policy preferences.
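The manual and command-prompt steps above can be combined into one repeatable script that also verifies the result. This PowerShell sketch is an added example, not code from the article or from the researchers it cites; the function names are hypothetical, and it assumes PowerShell 3.0 or later, an elevated session, and that `$env:windir` points at the C:\Windows directory the article refers to.

```powershell
# Added example (not from the article). Assumes PowerShell 3.0+ and an elevated session.
$VaccineNames = @('perfc', 'perfc.dat')   # file names given in the article

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Set-VaccineFile {
    param(
        [Parameter(Mandatory = $true)] [string] $Directory,
        [Parameter(Mandatory = $true)] [string] $Name
    )
    $path = Join-Path -Path $Directory -ChildPath $Name

    # A folder with this name is not the read-only file the article describes.
    if (Test-Path -LiteralPath $path -PathType Container) {
        return [pscustomobject]@{ Path = $path; Action = 'Conflict: is a directory'; ReadOnly = $false }
    }

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $action = 'Already present'
    } else {
        New-Item -ItemType File -Path $path -ErrorAction Stop | Out-Null
        $action = 'Created'
    }

    # Same effect as "attrib +R": add the read-only bit, keep the other attributes.
    $item = Get-Item -LiteralPath $path -Force
    if (-not $item.IsReadOnly) {
        $item.Attributes = $item.Attributes -bor [System.IO.FileAttributes]::ReadOnly
        if ($action -eq 'Already present') { $action = 'Present, read-only set' }
    }

    # Re-read from disk so the report reflects the real state, not what we intended.
    $check = Get-Item -LiteralPath $path -Force
    return [pscustomobject]@{ Path = $path; Action = $action; ReadOnly = $check.IsReadOnly }
}

if (-not (Test-IsAdministrator)) {
    throw 'Run this from an elevated PowerShell session; writing to the Windows directory requires it.'
}

$VaccineNames | ForEach-Object { Set-VaccineFile -Directory $env:windir -Name $_ } |
    Format-Table -AutoSize
```

Running it a second time changes nothing and reports each file as already present, so it can be re-run to confirm the files are still in place and still read-only.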
Even India’s largest container port, “JNPT”, was hit by the Petya ransomware, and the shipping ministry also confirmed that only one terminal of JNPT has been affected at Maersk’s Hague office.