If you believed that the days of massive attacks with ransomware had passed after the disaster that caused WannaCry, you were quite wrong. As many security experts anticipated, other malware that also takes advantage of the EternalBlue and EternalRomance vulnerabilities will surely continue to be created.
It's just what happened with NotPetya, a so-called threat because it appears to be a new strain of Petya, a ransomaware it appreciated last year, but this time it has additional features. So far ransomware has been spread by various companies and institutions in Ukraine, Spain, UK, India, Holland, Denmark and more.
Although there is still no kill switch to stop the attack once it has started, security researcher Amit Serper has found a way to prevent an infection with NotPetya ransomware, basically a vaccine to prevent it from running.
Serper was the first to discover that NotPeyta will look for a local file inside the computer and if that file exists on disk, then ransomware will stop its encryption routine. That is, if you create this file by hand, you can vaccinate your computer.
How to apply the vaccine
The user must create a file named perfc without extension, save it to the C: \ Windows folder and mark it as "read only".
The first thing you have to do is open the Windows explorer and look for the menu to Change folder and search options. Once the Folder Options window is displayed choose the View tab and under Advanced settings uncheck the "Hide known file extensions"
After you click Apply and OK you will be able to see the extensions of the files in order to create one without extension. Navigate to the C: \ Windows folder and look for the notepad.exe application.
Select notepad.exe and copy and paste the file right there, pressing CTRL + C and then CTRL + V. You will be asked to give permissions to continue with the copy and then a file called "notepad - copia.exe
Select notepad - copia.exe by left - clicking and pressing F2 on the keyboard to rename the file. Delete all, including the .exe extension and write perfc. Press enter and then Yes when prompted to confirm the name of the extension.
In the properties window check the box "Read only and then press Apply and OK.
This is a simple way to prevent the attack on some system that for some reason can not be updated with the latest security patches. Recall that the vulnerabilities exploited by this ransomware have already been patched by Microsoft.
It is important to always keep your operating system up to date, and also to create constant backups of the data stored on it. In addition, paying for the ransomware or other ransomware guarantee never guarantees that your files will be returned to you, so it is not recommended.