Security researcher creates ‘vaccine’ against ransomware attack

A vaccination for the global cyber attack that infected thousands of machines in dozens of countries has been discovered by an American security researcher.

The simple antidote to the Petya ransomware, which stops computers from being able to launch and demands a $300 (£234) payment, uses an empty folder to block the virus from working.

It could prevent further companies from falling victim to the attack that hit the Ukrainian National Bank, advertising giant WPP and US law firm DLA Piper. In total the incident affected 12,500 machines in 64 countries, according to Microsoft.

The fix is reminiscent of the “kill switch” for the WannaCry attack earlier this year that stopped the rapidly spreading virus after it had already infected more than 200,000 machines. But it can’t stop the Petya ransomware from spreading to more computers.

Unlike the WannaCry kill switch, discovered by 22-year-old self-taught Marcus Hutchins, the Petya antidote must be manually downloaded onto computers ahead of their being affected.

Amit Serper, the security researcher from Boston who discovered the solution, warned that it is probably a “temporary fix” rather than a tool to stop the problem completely.

Serper found the solution to the problem working with a UK-based cyber expert who goes by the name of Hacker Fantastic. Serper was on holiday with his family in Israel when the problem started.

When the Petya ransomware infects a machine it searches for a folder called “perfc.dll”. If it can’t find the folder it takes hold of the computer, locking files and part of the hard drive. In the event that it finds the file the ransomware is not able to work.

Following his discovery, Serper was inundated with messages of praise and some job offers. He eventually turned off notifications for people he doesn’t follow on Twitter and said he didn’t want a new job.

“I’m very happy with working for Cyber Reason, please stop emailing me. Also, appreciate the praises but let’s not go crazy. I’m not that good,” said Serper.

In a follow-up tweet he added: “Thanks for all the kind words. This is a temporary fix, let’s focus on patching, less on thanking me. Thanks again, I’m humbled.”

A kill switch for Petya appeared to be less pressing than it was for WannaCry as the former doesn’t spread in the same rapid way.

“There is low risk of new infections more than one hour after the attack,” Hutchins said.

Read more…

Source: The Telegraph