New Ransomware Attack Spreading Rapidly Across World

[Paul Wagenseil]

Six weeks after WannaCry, a new ransomware worm appeared to be spreading rapidly around the world.

New Ransomware Attack Spreading Rapidly Across World : Read more

 

[ChrisPesoa]

Does the 'perfc' file actually nullifies the worm?

 

[Winkhorst]

"When the Petya ransomware infects a machine it searches for a folder called "perfc.dll". If it can't find the folder it takes hold of the computer, locking files and part of the hard drive. In the event that it finds the file the ransomware is not able to work."

http/www.telegraph.co.uk/technology/2017/06/28/security-researcher-creates-vaccine-against-ransomware-attack/

 

[Paul Wagenseil]

Does the 'perfc' file actually nullifies the worm?

Supposedly, yes -- it will stop or prevent the encryption process on an individual machine. It won't stop the ransomware from spreading to other machines in the local network.

But we're seeing reports now that adding 'perfc' may not work on Windows 7, and that the person(s) behind the Petya ransomware may have changed the code so that adding 'perfc' doesn't stop new infections.

 

[Winkhorst]

By the way, the file needs to be set to "read only."
https/www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/

 

[Paul Wagenseil]

By the way, the file needs to be set to "read only."
https/www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/

Thanks -- I saw that this morning but haven't had a chance to update the story yet. I am also seeing some reports that this immunization method doesn't work on Windows 7, and may not work on newly infected systems because the malware author(s) may have changed the source code.

 

[Paul Wagenseil]

"When the Petya ransomware infects a machine it searches for a folder called "perfc.dll". If it can't find the folder it takes hold of the computer, locking files and part of the hard drive. In the event that it finds the file the ransomware is not able to work."

http/www.telegraph.co.uk/technology/2017/06/28/security-researcher-creates-vaccine-against-ransomware-attack/

Yes, thanks -- that's already in our story.

 

[Yuki_2]

For God's sake, perfc.dll is NOT a "folder."