Yet another ransomware attack is plaguing computers worldwide.  It was originally thought to be a version of the Petya ransomware strain but researches state that it is different enough to be its own strain and has been dubbed NotPetya.  Earlier this afternoon a researcher discovered a vaccine of sorts.  This is different than the killswitch that was discovered for WannaCry, but it seems to stop the spread of the ransomworm.

To vaccinate your computer, you need to create a file called “perfc” with no file extension.  This file needs to be saved in the c:\windows directory and then set as read only.  For many, the Windows directory will require admin rights to create or save a file in this directory.

This strain spreads over a local network instead of the internet so the spread will be slower.  It was released into the wild by an infected update of an accounting software popular in the Ukraine called M.E. Doc. Once a computer is infected it scans the LAN for other endpoints to infect.  It then forces a reboot of your computer.  When the computer comes back up it appears that a chkdsk routine is being run.  If you see this behavior turn off your computer immediately.  If you can shut down prior to the fake chkdsk routine starts running, your files will be safe.  You can recover your computer form an advanced Backup and Disaster Recovery solution or with a Windows restore disk.

Need help? Contact us.