Batchfile to prevent Petya/Not Petya ransomware

The war between wetware and hardware.
User avatar
asthmatic camel
Posts: 18314
Joined: Sat Jun 05, 2004 1:53 pm
Title: Forum commie nun.
Location: Stirring the porridge with my spurtle.

Batchfile to prevent Petya/Not Petya ransomware

Post by asthmatic camel » Wed Jun 28, 2017 8:57 am

https://download.bleepingcomputer.com/b ... tyavac.bat
While analyzing the ransomware's inner workings, Serper was the first to discover that NotPetya would search for a local file and would exit its encryption routine if that file already existed on disk.

The researcher's initial findings have been later confirmed by other security researchers, such as PT Security, TrustedSec, and Emsisoft.

This means victims can create that file on their PCs, set it to read-only, and block the NotPetya ransomware from executing.

While this does prevent the ransomware from running, this method is more of a vaccination then a kill switch. This is because each computer user must independently create this file, compared to a "switch" that the ransomware developer could turn on to globally prevent all ransomware infections.
How to Enable the NotPetya/Petna/Petya Vaccine

To vaccinate your computer so that you are unable to get infected with the current strain of NotPetya/Petya/Petna (yeah, this naming is annoying), simply create a file called perfc in the C:\Windows folder and make it read only. For those who want a quick and easy way to perform this task, Lawrence Abrams has created a batch file that performs this step for you.
Source.
Shit happens. The older you get, the more often shit happens. So you have to try not to give a shit even when you do. Because, if you give too many shits, you've created your own shit creek and there's no way out other than swimming through the shit. Oh, and fuck.

User avatar
ed
Posts: 33635
Joined: Tue Jun 08, 2004 11:52 pm
Title: Rhino of the Florida swamp

Re: Batchfile to prevent Petya/Not Petya ransomware

Post by ed » Wed Jun 28, 2017 11:15 am

Probably a Trojan
Wenn ich Kultur höre, entsichere ich meinen Browning!

User avatar
Grammatron
Posts: 33777
Joined: Tue Jun 08, 2004 1:21 am
Location: Los Angeles, CA

Re: Batchfile to prevent Petya/Not Petya ransomware

Post by Grammatron » Wed Jun 28, 2017 5:43 pm

Don't download shit you don't know. Don't run shit you don't know. If an individual can't follow these complex steps they should get an apple.

User avatar
Doctor X
Posts: 68237
Joined: Fri Jun 04, 2004 8:09 pm
Title: Collective Messiah
Location: Your Mom

Re: Batchfile to prevent Petya/Not Petya ransomware

Post by Doctor X » Wed Jun 28, 2017 6:47 pm

Not if you are poor. Image

--J.D.
Mob of the Mean: Free beanie, cattle-prod and Charley Fan Club!
"Doctor X is just treating you the way he treats everyone--as subhuman crap too dumb to breathe in after you breathe out."--Don
DocX: FTW.--sparks
"Doctor X wins again."--Pyrrho
"Never sorry to make a racist Fucktard cry."--His Humble MagNIfIcence
"It was the criticisms of Doc X, actually, that let me see more clearly how far the hypocrisy had gone."--clarsct
"I'd leave it up to Doctor X who has been a benevolent tyrant so far."--Grammatron
"Indeed you are a river to your people.
Shit. That's going to end up in your sig."--Pyrrho
"Try a twelve step program and accept Doctor X as your High Power."--asthmatic camel
"just like Doc X said." --gnome

WS CHAMPIONS X4!!!! NBA CHAMPIONS!! Stanley Cup! SB CHAMPIONS X5!!!!!

User avatar
Anaxagoras
Posts: 22452
Joined: Wed Mar 19, 2008 5:45 am
Location: Yokohama/Tokyo, Japan

Re: Batchfile to prevent Petya/Not Petya ransomware

Post by Anaxagoras » Thu Jun 29, 2017 3:47 am

Doctor X wrote:Not if you are poor. Image

--J.D.
Yet you are poor.
A fool thinks himself to be wise, but a wise man knows himself to be a fool.
William Shakespeare

User avatar
Witness
Posts: 17744
Joined: Thu Sep 19, 2013 5:50 pm

Re: Batchfile to prevent Petya/Not Petya ransomware

Post by Witness » Thu Jun 29, 2017 4:15 am

ed wrote:Probably a Trojan
Looked at the batch file, and it just sets file attributes (to "read only").

User avatar
Doctor X
Posts: 68237
Joined: Fri Jun 04, 2004 8:09 pm
Title: Collective Messiah
Location: Your Mom

Re: Batchfile to prevent Petya/Not Petya ransomware

Post by Doctor X » Thu Jun 29, 2017 6:14 am

Anaxagoras wrote:
Doctor X wrote:Not if you are poor. Image
Yet you are poor.
Image

--J.D.
Mob of the Mean: Free beanie, cattle-prod and Charley Fan Club!
"Doctor X is just treating you the way he treats everyone--as subhuman crap too dumb to breathe in after you breathe out."--Don
DocX: FTW.--sparks
"Doctor X wins again."--Pyrrho
"Never sorry to make a racist Fucktard cry."--His Humble MagNIfIcence
"It was the criticisms of Doc X, actually, that let me see more clearly how far the hypocrisy had gone."--clarsct
"I'd leave it up to Doctor X who has been a benevolent tyrant so far."--Grammatron
"Indeed you are a river to your people.
Shit. That's going to end up in your sig."--Pyrrho
"Try a twelve step program and accept Doctor X as your High Power."--asthmatic camel
"just like Doc X said." --gnome

WS CHAMPIONS X4!!!! NBA CHAMPIONS!! Stanley Cup! SB CHAMPIONS X5!!!!!