NotPetya ransomware, or NotPetya/Petna wiper malware or whatever you want to call it, has caused a lot of damage for not only individual users but for entire organizations and businesses all around the world in a span of a couple of days.
This attack is especially devastating for those infected because it is impossible to decrypt files. So unless there is backup, infection could have disastrous consequences. As soon as the threat started infecting users, malware researchers have rushed to examine and find ways to prevent it from spreading. Unfortunately, there is nothing they can do to help users who have already been infected but a cyber security researcher Amit Serper has discovered a way for users to prevent the infections from occurring in the first place.
How do you prevent the infection from taking place?
The researcher has uncovered that when NotPetya gets into the computer, it searches for a certain file and if it is present on your computer, the malware would not encrypt your files. Therefore, according to not only Serper but various other researchers, in order to prevent infection, all users need to do is create that file. Researchers call it a vaccination. And here is what you need to do.
You will need to create a file called perfc in C:Windows. Ensure that the file is read only. If you do not know how to do that, BleepingComputer’s Lawrence Abrams has created a batch file that will do it for you. It can be downloaded here. It will create two files, perfc.dat and perfc.dll and place them in C:Windows. So if Petya was to enter your computer, it would search and find those files, thus it will not execute its encryption process.
What if you were already infected?
For those who have already been infected, there is not much to be done. File recovery without backup is not possible. There are a couple of reasons for this. First of all, the email provided in the ransom note is no longer working, meaning you cannot contact the criminals. And in order to know who paid, the hackers would need you to email them your given ID. And even if the email was working, you would still not be able to get your files back. The ID that you are assigned during the encryption process is essential to decrypting files. It contains important information and is used when creating a decryption key. However, the ID you see in the ransom note is just random data, which means that no decryption key can be developed. You are stuck with useless files. This is why backup is essential. It cannot be stressed enough.
We should also caution you that even if you protect yourself against NotPetya, there is plenty of other similar kinds of threats. Every single file-encrypting malware is not reported by the mass media because it mostly affects individual users and not in a massive scale. However, if you are not careful, you could become a victim. That means you need to familiarize yourself with ransomware and how it spreads, build habits that would allow you to be safe. That means not opening every single email attachment you get, only using secure sources to download something. It also means you need to obtain professional anti-malware software that could spot infections before it’s too late.