[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
Update on Petya Attack
As noted by our on-site expert, krakatoa, the current vaccine for Petya involves creating a file called perfc in the C://Windows folder and making it read only.  No kill-switch has been discovered, only a local vaccine.  
If you see the reboot notification below, your device has been infected. Turn off your device to prevent future encryption. Petya begins encrypting the device an hour after the initial infection.
**Update: Petya begins encrypting your the first 1MB of your files prior to the reboot. See new post for the updated information. **petyareboot.JPG
6
 
LVL 12

Expert Comment

by:Maclean
Just a random thought. If creating a read only file named perfc is the vaccine, would it also not be the preventative measure?
e.g. create it now, so if infected, nothing will be encrypted for starters?
It might not stop Petya from hitting your PC, but it might prevent finding your files encrypted potentially.
0
 
LVL 12

Expert Comment

by:Maclean
Never mind. I just realized that that's what a vaccine implied. Doh!
2
 

Expert Comment

by:MASWORLD
for Petya involves creating a file called perfc in the C://Windows folder and making it read only

what is the file extension for perfc  i should create
0
 

Expert Comment

by:Phillip Monk
.dat
1
 
LVL 11

Author Comment

by:Experts Exchange
According to our knowledge, file extensions .dat and .dll for perfc. Check out this article for more info!
0

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month