Petya/Notpetya ransomware: we have a vaccine!
Just create a file in c:\windows!
We currently have a lot of information about Petya (or Notpetya): you can take a look at this post, which I use to collect all the information gathered from websites and social networks.
And from Twitter I picked up this priceless piece of information about a ‘local vaccine’ for the ransomware, similar to the famous WannaCry killswitch.
https://twitter.com/0xAmit/status/879764284020064256
Amit Serper found that the malware does not ‘detonate’ on a system if a specific file is found in the c:\windows folder.
After a few minutes, Amit confirmed the discovery:
https://twitter.com/0xAmit/status/879778335286452224
Other researchers also confirmed that the trick works:
https://twitter.com/cyb3rops/status/879810363088404480
and Chris Campbell released a PowerShell script that automates the creation of the file and applies a read-only ACL:
https://twitter.com/phage_nz/status/879813794741997568
https://gist.github.com/andreafortuna/058011001874c9c19df6fda26a3ccf1f
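A sketch of what such a vaccine script has to do, as an added example that is not Chris Campbell's script or the gist linked above. This post does not name the file, so `$MarkerName` is a placeholder to be filled in from the researchers' tweets, and the script sets the read-only file attribute instead of an ACL entry.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding()]
param(
    # Placeholder: the file name is not given in this post; take it from the linked tweets.
    [Parameter(Mandatory)]
    [string]$MarkerName
)

$ErrorActionPreference = 'Stop'

# Accept a bare file name only, so the script can never write outside the Windows folder.
if ($MarkerName -ne [System.IO.Path]::GetFileName($MarkerName)) {
    throw "MarkerName must be a bare file name, not a path."
}

$path = Join-Path $env:windir $MarkerName

# A directory with the same name is unexpected: stop instead of guessing.
if (Test-Path -LiteralPath $path -PathType Container) {
    throw "$path exists and is a directory; not touching it."
}

# Create an empty marker only when it is missing; an existing file is never overwritten.
if (-not (Test-Path -LiteralPath $path)) {
    New-Item -ItemType File -Path $path | Out-Null
}

# Set the read-only attribute (assumption: attribute used here in place of an ACL).
Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true

# Report the resulting state so a deployment tool can log or check it.
$item = Get-Item -LiteralPath $path
[pscustomobject]@{
    Path       = $item.FullName
    Length     = $item.Length
    IsReadOnly = $item.IsReadOnly
}
```

The script is idempotent, so it can be pushed repeatedly through a software-distribution tool and the returned object collected to confirm which hosts carry the marker.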