Petya Ransomware Attack: Here’s How You Can Stop It

Petya Ransomware Attack: The latest rescue, which is called Petya, is crashing the computer in government offices and has already affected the Chernobyl nuclear plant and Ukraine’s electricity supplier. Security researcher Amit Serper had managed to find a trick to defend his computer against Petya’s ransomware.

Petya Ransomware Attack: Here's How You Can Stop It
Petya Ransomware Attack: Here’s How You Can Stop It

Petya Ransomware Attack: Here’s How You Can Stop It

In the past month, we have seen the WannaCry ransomware spread at a very fast rate, infecting thousands of computers around the world. Recently, the similar type of attack had been seen on Ukrainian banks. The new bailout campaign has taken Ukrainian banks off the grid.

The latest Ransomware attack is crashing the computer in government offices and has already affected the Chernobyl nuclear plant and Ukraine’s electricity supplier.

The latest ransomware, which is called Petya, has infected 60% of computers in Ukraine, followed by 30% in Russia. The United States, Poland, the United Kingdom, Germany and France have recorded the remaining 10% of the infection.

Petya Ransomware is said to exploit the Eternal Blue vulnerability, which is the same vulnerability exploited by the creators of WannaCry ransomware.

However, Petya Ransomware works in a different way. This ransomware waits 10 to 60 minutes after infection and then reboots using the “at”, “schtasks” or “shutdown.exe” utilities. After restarting, the ransom program begins to encrypt the MFT table on the NTFS partitions and overwrites the MBR with the folder containing the ransom notes.

If you want to read the full details of how Petya Ransomware works, you have to visit Kaspersky’s Securelist blog. According to reports from Bleeping Computer, security researcher Amit Serper somehow managed to find a trick to defend his computer against Petya Ransomware.

Amit Serper had analyzed the operation of the Petya Ransomware and found that the ransom would terminate its encryption process if it finds a local file on a disk. The findings have been confirmed by a few other researchers as well.

Step 1. First of all, you need to enable the Windows extension. To do this, you need to open the Folder Options and then uncheck the option Hide extensions for known file types.

Step 2. Now you have to go to C: Windows and there you have to find the notepad.exe program.

Step 3. You need to copy and paste the file in the same folder. Select the file and then press CTRL + C to copy and paste using CTRL + V.

Step 4. Now you will see a new notepad-copy.exe. You need to rename the file as perfc and hit Enter. You will be promoted to make sure you want the changes or not, you just have to click Yes to continue.

Step 5. Now click with the right mouse button on the file and click on «Properties» and under Attributes, check the option «Read only» and then click on Apply and then on Ok.

Here’s what you can do to protect your computer from Petya ransomware. Share this message with your friends to help them protect their computer. So what do you think of this? Share your thoughts in the comment box below.

Leave a Comment

Your email address will not be published. Required fields are marked *