Petya NotPetya Ransomware Vaccine Fix – Not a Killswitch but will make your PC immune to NotPetya

To stay safe from Petya Ransomware attack , security researcher has found a fix for the PC who has valuable data in their PCs. With this you can prevent or Vaccinate your computer by creating a particular file. So if Petya finds the file on a PC, then the encryption program will stop. 

Make your PC immune to NotPetya

The most important thing to do this is to create the file independently on every PC & it can’ be used globally as WannaCry kill-switch.
This article is written on the same event i.e. Petya ransomware which I wrote yesterday. Petya exploits the Eternal Blue vulnerability. This vulnerability was also used by WannaCry Exploit. 
We told in the last article that this exploit was designed by NSA & later leaked by Shadow Brokers. The main countries that were affected by the ransomware attack are Ukraine , Russia , Poland & Germany.
The current Ransomware was earlier though as the new variant of Petya ransomware which was active last year. After further studies , Kaspersky re-announced that it is a new ransomware & renamed it as NotPetya.

Working of NotPetya 

The working of this new ransomware is very different from other ransomwares. After it infects into a PC, it wait for 10 to 60 minutes & then reboots the system using “at” or “schtasks” and “shutdown.exe” utilities.
After reboot, NotPetya encrypts the MFT table in NTFS file system . overwrites MBR with a new file that are basically ransom notes. 

petya vaccine kill switch
petya vaccine kill switch

How to enable Petya ransomware fix/vaccine?

Amit Serper who has find this way to prevent the infection of Petya ransomware, a report from Bleeping Computer.
The time between both attacks i.e. WannaCry & Petya are same. The researchers believed that there should be a killswitch that can defend PCs from Petya’s wrath. After deep study of its inner working, Serper found that Petya ransomware would cease its encryption routine if it detects a file on the disk. 
This statement was also supported by other researchers.

Steps to activate the Petya NotPetya Ransomware Vaccine Fix

To check whether your PC is vaccinated against Petya, you should create a new file named perfc in C:/Windows & make it read only.  Follow our steps to do it. 

  1. First step is to change the setting in Folder options & show all the hidden files in your PC.
  2. Then open C:\Windows & click on Notepad.exe. Create a copy of this file in the same location using Copy & paste option.
  3. A new file named notepad-exe will be created . Rename this file as perfc & hit Enter. 
  4. Click on the confirmation message to rename the file. 
  5. Now right click on the file & select properties. 
  6. In the property window , find Read Only checkbox in the bottom. After this click on Apply & then OK.

After all these steps are complete, your PC will be protected against Petya Ransomware. 
Note :- This is not a global kill switch which helps all the PCs globally. This vaccination will be applicable on every PC where these steps were followed.
If you find the information useful then please write a comment & let us know. Thank you.

Leave a Comment