NotPetya Ransomware Attack can be Stopped in its Tracks With a Simple Batch File

The world awoke to a rather nasty surprise yesterday, as a new global ransomware attack was discovered. At first, it was assumed to be a Petya ransomware attack, but those claims were discredited later on. Luckily, it appears this as-yet-unnamed ransomware can be somewhat remedied, albeit there is no official killswitch whatsoever. It is evident criminals are not giving up on ransomware anytime soon.

Yet Another Global Ransomware Attack

One would expect corporations and institutions to be aware of ransomware threats in 2017. So far, that hasn’t been the case, as we have seen two global attacks in recent months. First of all, there was the WannaCry ransomware attack, which infected over 200,000 computers and systems all over the world. Yesterday’s attack appears to involve a previously unknown type of malware, which is clearly not Petya.

More specifically, a lot of news outlets claim this is a Petya ransomware outbreak, but that is not the case. A thorough analysis of obtained samples shows that the ransomware strain shares some similarities with Petya, but it is also very different in other regards. For the time being, this malware has no official name, although some researchers refer to it as NotPetya or Petna. It will take some time until it has an official name.

What makes this particular malware so powerful is how it locks up hard drives and the Master Boot Record. As one would come to expect from a ransomware attack, the criminals trick victims into paying a ransom amount in Bitcoin. In this particular case, it appears victims had to pay US$300, which is somewhat of an average amount for ransomware attacks these days. However, there is no point in paying the ransom whatsoever, as doing so would not result in receiving the decryption key.

More specifically, victims had to send an email to a particular email provider to get the decryption key. However, the email service provider has shut down the inbox used for this ransomware attack. This means anyone trying to send an email to the address will not get through, and paying the ransom is utterly pointless, as there is no way to get in touch with the ransomware developer whatsoever. It is evident this ransomware doesn’t use a command-and-control server, which makes it very difficult to get rid of the malware.

Luckily, it appears there is a “vaccine” to counter this malware. It is not something that will stop the malware from spreading itself on a global scale, but it can help some users avoid infection. Users will need to create a file in their Windows folder with read-only permissions. Lawrence Abrams has developed a batch file that performs this step on behalf of the computer user. It is quite interesting how a simple file can prevent the ransomware from harming your computer.
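To show what the “vaccine” step looks like in practice, here is an added batch file that is not Lawrence Abrams’ script and not part of the original article. It creates an empty, read-only file in the Windows folder and then verifies the read-only attribute was applied. The article does not state the exact file name, so `VACCINE_NAME` below is a placeholder that must be replaced with the name given in the original advisory; the elevation check via `net session` and the `dir /a:r` verification are the author’s own choices.

```batch
@echo off
REM Added example (not the original vaccine batch file).
REM Creates a read-only marker file in %WINDIR%, as described in the article.
REM The article does not name the file: replace the placeholder below with
REM the file name from the original advisory before use.
setlocal
set "VACCINE_NAME=VACCINE_FILENAME_FROM_ADVISORY"
set "TARGET=%WINDIR%\%VACCINE_NAME%"

REM Writing into %WINDIR% requires an elevated (Administrator) prompt.
REM "net session" only succeeds when elevated, so it doubles as a check.
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run from an elevated ^(Administrator^) prompt.
    exit /b 1
)

if exist "%TARGET%" (
    echo %TARGET% already exists, leaving it in place.
) else (
    REM Create an empty file; "type nul" writes zero bytes.
    type nul > "%TARGET%"
    if not exist "%TARGET%" (
        echo Failed to create %TARGET%.
        exit /b 1
    )
    echo Created %TARGET%.
)

REM Mark the file read-only (+R), as the vaccine requires.
attrib +R "%TARGET%"

REM Verify: "dir /a:r" lists only read-only files and sets a non-zero
REM errorlevel when the file does not carry that attribute.
dir /a:r "%TARGET%" >nul 2>&1
if errorlevel 1 (
    echo WARNING: %TARGET% exists but is NOT read-only.
    exit /b 1
)
echo Verified: %TARGET% is present and read-only.
exit /b 0
```

Run it from an elevated command prompt; it exits with a non-zero code if the file could not be created or the read-only attribute did not take, so it can be pushed out through a login script or management tool and its exit code checked centrally. As the article notes, this only prevents the malware from running on the machine that has the file; it does nothing to stop it spreading elsewhere.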

For those people who have already been infected by this as-yet-unnamed ransomware, it will be quite challenging to get rid of the malware itself. There is no free decryption tool available right now, and it may take a few more weeks or months until that situation changes. It is evident far too many computers remain vulnerable to ransomware attacks. For the time being, it is unclear what made this particular malware strain so successful, although it is possible the ransomware leverages some well-known exploits.
