Security Researcher Creates ‘Vaccine’ Against Ransomware Attack

Sadaka Associates Medical Device Safety

It’s a simple fact that ransomware attacks are becoming far more frequent, and hackers are continuing to use ransomware viruses in the hopes that at least some of those affected by the virus will pay the ransom to have their computers unlocked. Following up on the widespread WannaCry ransomware virus from earlier this year, the Petya ransomware virus recently affected thousands of computers in over 64 countries. However, a simple solution to stop the virus has now been found thanks to the work of one enterprising cyber-security expert.

About the Petya Ransomware Attacks

Like the WannaCry virus, the Petya ransomware prevented infected computers from starting up and demanded a $300 payment to unlock the machine. Although it only affected approximately 12,500 computers, far fewer than the 200,000 machines infected by the WannaCry attack, the Petya ransomware still caused serious trouble for the organizations worst affected, such as American law firm DLA Piper, advertising agency WPP and the Ukrainian National Bank.

Still, the damage could have been far more widespread had American security researcher Amit Serper not found a temporary solution to block the ransomware infections. Working in conjunction with a UK-based security expert known simply as Hacker Fantastic, Serper determined that the Petya ransomware first searches a computer for a folder titled ‘perfc.dll’ and begins infecting the machine as soon as it is unable to locate the folder.

By creating a folder with this same ‘perfc.dll’ name prior to the computer being infected, Serper showed that the virus could be successfully stopped in its tracks and the infection prevented. Although the idea of creating a new folder isn’t all that difficult or revolutionary, the fact that Serper was able to successfully analyze the Petya ransomware to find this vulnerability was still important in helping to stop the spread of the attack.

Of course, the only way to actually prevent the Petya ransomware from taking over and locking the computer’s hard drive is to create the folder or download the solution online prior to the computer being infected. The virus immediately starts searching for the ‘perfc.dll’ folder the second it is downloaded onto the machine, which obviously means that the folder needs to be in place before the attack occurs. Nonetheless, the good news is that the solution to stopping the attack couldn’t be simpler.

The Growing Ransomware Problem

Ransomware is a specific type of malicious software (malware) that locks or takes over control of a computer, smartphone, tablet or other electronic device. When a computer is infected with ransomware, a message is displayed that demands the user make a ransom payment. After making the payment, the user will then receive a code that can be used to unlock their device.

This type of ransomware originally appeared in 2005 and has since grown into a huge problem for both private individuals and businesses. Some security experts estimate that nearly half of all major corporations have been victims of ransomware attacks, whether it was Petya, WannaCry or earlier variants like the FBI virus.

The vast majority of ransomware infections are due to opening an infected email. Most ransomware is hidden in an email attachment that pretends to be from a reputable or known sender. If the person falls for this type of phishing attack and opens the infected attachment, the virus will be downloaded and the computer instantly infected. Upon infection, the program encrypts the hard drive and completely locks out the user until the ransom is paid or some other solution is found to get rid of it.

Having anti-virus software on all of your computers is obviously important in preventing most virus infections. Unfortunately, hackers are continually finding ways to bypass these advanced security measures, which means you could easily become a victim of a ransomware attack even with anti-virus software. If this does happen, hopefully another security expert will quickly find a solution as in the Petya and WannaCry attacks. Otherwise, you might be faced with paying several hundred dollars before you can use your machine again.
