Stop NotPetya With A Single File
The world has once again been hit by a deadly ransomware, NotPetya — just over a month after the high-profile WannaCry cyberattack.
Alarmingly, the Singapore Computer Emergency Response Team (SingCERT) has deemed the NotPetya bug “more dangerous and intrusive” than its predecessor.
NotPetya has already infected computer systems in Russia, Ukraine and the United States, with oil companies and banks among the victims.
But there’s no need to panic just yet, as it seems the malicious virus hasn’t infiltrated our local network. Neither government systems nor Singapore’s 11 critical information infrastructure (CII) sectors have been affected by NotPetya, and SingCERT hasn’t received any reports of the virus yet, reported Channel NewsAsia.
The virus is similar to WannaCry: users have their systems locked and have to part with $300 worth of Bitcoins to recover their files.
Worse still, various IT sites have speculated that the perpetrators had no intention of restoring the infected machines in the first place, as NotPetya was incapable of decrypting infected machines.
An estimated $10,000 was collected from victims (a meagre sum by ransomware standards) before the e-mail account associated with disseminating the decryption key was shut down. This means users won’t be able to get their files decrypted despite paying up.
Apparently, monetary gain wasn’t the main goal; chaos and destruction were, with Ukraine bearing the brunt of the attack.
Even though the virus hasn’t infected our local network yet, it doesn’t hurt to be on the safe side.
For the majority of users, simply having the latest Windows version will be sufficient to protect your system from attacks in the event your computer gets infected.
To that end, SingCERT released a technical advisory on Wednesday (June 28), recommending these steps to protect your system:
- Ensure that your Windows-based systems are fully patched. Security update (MS17-010) should be applied.
- Ensure that your anti-virus software is updated with the latest malware definitions.
- Perform file backups and store them offline. In the event of an attack, you can restore your system with your backups.
- Block inbound connections on TCP Port 445.
- Disable all unrequired services.
- Monitor your systems for privilege escalation.
Inoculate Your System
However, if you want to be extra sure, there’s a “vaccine” touted by security researchers and backed by security experts that will keep your computer safe.
This is despite a kill switch (a function to disable the virus) not being found yet.
Here are some simple steps, courtesy of BleepingComputer, you can take to ensure your computer system (Windows 8 and 10) is immune to the malicious virus:
(Disclaimer: The reported efficacy of this method has not been tested by MustShareNews.)
1. Show File Extensions
The first step is to enable file extensions to be seen. Open any folder and click the view tab.
Tick the checkbox labelled File name extensions.
2. Find Notepad.exe
Open the C:\Windows folder and find notepad.exe.
3. Copy & Paste Notepad.exe
Left click on notepad.exe once, and ensure it is highlighted. Then copy (CTRL+C) and paste it (CTRL+V) in the same folder.
You will be prompted for administrator permission; press continue.
4. Rename Copied File
Right click the file titled notepad – Copy.exe and rename it as perfc.
5. Make It Read-Only
Now that the file has been created, you’ll have to make it read-only.
Right click on the file and select Properties.
Tick the Read-only box under the General tab and click OK.
6. Your Computer Is Now Vaccinated!
These are the necessary steps to take to vaccinate your computer against NotPetya.
Alternatively, if you’re too lazy to do even that, you can download a batch file at https://download.bleepingcomputer.com/bats/nopetyavac.bat that will do these troublesome steps for you. The batch file will also create two additional vaccination files called perfc.dat and perfc.dll.
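For administrators who would rather script steps 2 to 5 and confirm the result, here is an added PowerShell example; it is not the BleepingComputer batch file and not code from the original article. It assumes an elevated PowerShell session, and the function name Set-VaccineFile is made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted version of the manual steps above (copy notepad.exe,
# rename the copy, mark it read-only), followed by a check of the result.

$windir = $env:windir                         # normally C:\Windows
$source = Join-Path $windir 'notepad.exe'     # the file the article copies
$names  = 'perfc', 'perfc.dat', 'perfc.dll'   # file names given in the article

# Hypothetical helper: create one vaccine file if missing, then force read-only.
function Set-VaccineFile {
    param([string]$Path, [string]$Template)

    # A folder with the same name cannot be fixed by this script.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        throw "$Path exists as a directory; resolve this manually."
    }

    # Never overwrite: a file that is already there is kept, not replaced.
    $created = $false
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Copy-Item -LiteralPath $Template -Destination $Path -ErrorAction Stop
        $created = $true
    }

    # Step 5 of the article: tick the Read-only attribute.
    $item = Get-Item -LiteralPath $Path -Force
    if (-not $item.IsReadOnly) { $item.IsReadOnly = $true }

    # Re-read from disk so the report reflects what was actually applied.
    [pscustomobject]@{
        Path     = $Path
        Created  = $created
        ReadOnly = (Get-Item -LiteralPath $Path -Force).IsReadOnly
    }
}

if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
    throw "Template file not found: $source"
}

$results = foreach ($name in $names) {
    Set-VaccineFile -Path (Join-Path $windir $name) -Template $source
}
$results | Format-Table -AutoSize

# A non-zero exit code lets a deployment tool flag machines that need attention.
if ($results.ReadOnly -contains $false) {
    Write-Warning 'At least one vaccine file is not read-only.'
    exit 1
}
```

A row showing Created as False means a file with that name was already present before the script ran, so check where it came from.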
A Vaccine, Not A Kill
Note, however, that this method only protects the individual computer on which the perfc file is created, and it doesn’t eliminate the virus, which is still somewhere in the computer.
As explained by computer scientist Alan Woodward in a quote to the BBC:
Even though it (the perfc file) will make a machine “immune”, it is still a “carrier” (of NotPetya).
So folks, stay safe, stay protected!