28 June 2017
Security researchers have discovered a ‘vaccine’ for the ransomware attack that hit organisations across the world on Tuesday.
The creation of a single file can stop the attack from infecting a machine. Among the victims of the recent attack were the Ukrainian central bank, Russian oil giant Rosneft, British advertising firm WPP and US law firm DLA Piper.
However, researchers have not been able to find a so-called kill switch that would prevent the crippling ransomware from spreading to other vulnerable computers.
Experts are still unsure about the attack's origins or its real purpose. Given that the ransom amount, $300, was relatively small, some are speculating that the attack may be a front for causing wider disruption or making a political statement. For those concerned about the attack, however, there appears to be a fix, albeit one with limited effectiveness.
By creating a read-only file named ‘perfc’, and placing it within a computer's ‘C:\Windows’ folder, the attack will be stopped in its tracks. However, while this method is effective, it only protects the individual computer that the perfc file is placed on. Researchers have so far been unable to locate a kill switch that would disable the ransomware attack entirely.
"Even though it will make a machine 'immune'," explained computer scientist Professor Alan Woodward, "It is still a 'carrier' (to use the biological analogy).
"It will still act as a platform to spread the ransomware to other machines on the same network."
For the vast majority of users, simply running an up-to-date version of Windows will be sufficient to prevent the attack taking hold, were it to infect your PC.
The spread of this new ransomware is likely to be much slower than last month's WannaCry attack, researchers predict, as code analysis showed that the new attack did not attempt to spread itself beyond the network it was placed on.
Because of this, several experts are predicting that the attack will not spread significantly further than it did on Tuesday, unless it is modified.
"There is low risk of new infections more than one hour after the attack," suggested the MalwareTech blog.
Contact Details and Archive...