Security Researchers have found an antidote to the recent Petya Ransomware cyber attack which took place in the late hours of Monday this week. The researchers claim that the solution will act as a kill switch that would prevent GoldenEye ransomware from spreading future into vulnerable systems.
Researchers have found that a creation of read-only file –named perfc- and inserting it into a computer’s “C:\\Windows” folder will do the trick of stopping the ransomware from spreading further.
Although the method seems to be effective, it only protects the PC on which the perfc folder has been placed on.
Microsoft on Monday blamed a tax filing software produced by a Ukraine-based company called MeDoc as a malware spreading carrier. Researchers from Cisco Talos Intelligence Unit also believed that the GoldenEye malware developers could have targeted their victims through MeDoc accounting software.
Companies operating in Russia, and Ukraine were the most affected in this attack followed by Britain, France, Germany, Italy, Poland, and United States.
Security experts from US Department of Homeland Security confirmed that the attack was launched to damage IT infrastructure and not for any financial gains.
Ukraine felt that the attack was launched by some state-funded actors to disrupt the celebrations of its Constitution Day.
Note- Wanna cry ransomware attack which targeted more than 300,000 computers across 150 countries was launched by a hacking group named Lazarus which is being secretly funded by the government of North Korea.
French construction material supplier Saint-Gobain, US Drug Maker Merck &Co, Nivea skin care plant and Enfamil and Lysol companies from India, Western Pennsylvania’s Heritage Valley Health System, Danish shipping giant AP Moller-Maersk, WPP which happens to be the world’s largest advertising agency, Russian Crude oil producer Rosneft were some of the companies which took a major impact from Tuesday’s cyber attack along with Ukraine.
US DHS said that it is keeping a close watch on the attacks and coordinating with law enforcement agencies of other countries. It has advised victims not pay the ransom because there is no guaranty that the access will be restored by the hackers.