Report of ‘vaccine’ for latest global malware attack

The BBC has posted an article saying that “the creation of a single file can stop the attack from infecting a machine.”

Bleeping Computer reports that “While this does prevent the ransomware from running, this method is more of a vaccination than a kill switch. This is because each computer user must independently create this file, compared to a “switch” that the ransomware developer could turn on to globally prevent all ransomware infections.”

Methods to protect yourself

Bleeping Computer recommends that you create a read-only file named perfc and place it in your C:\Windows directory. You may get an error message saying that you need to contact your administrator. If so, make sure you’re signed into Windows as an administrator. If you still get that message, you may need to take extra steps. If so, please consult an expert, as making a mistake when implementing these steps can harm your machine. Also make sure that you’re keeping your operating system up to date.
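The step above, as an added PowerShell example (not code from Bleeping Computer or from this article). It assumes the Windows directory is the one named by `$env:windir`; the function name `Set-PerfcMarker` is hypothetical.

```powershell
# Added example: create the read-only "perfc" file described in the text.
# Assumption: the Windows directory is the one named by $env:windir.
function Set-PerfcMarker {
    [CmdletBinding()]
    param(
        [string]$Directory = $env:windir,
        [string]$Name      = 'perfc'
    )

    # Writing to the Windows directory needs an elevated session; this is the
    # usual cause of the "contact your administrator" error mentioned above.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Start PowerShell with "Run as administrator" and try again.'
    }

    $path = Join-Path -Path $Directory -ChildPath $Name

    # Refuse to touch a directory that happens to have the same name.
    if (Test-Path -LiteralPath $path -PathType Container) {
        throw "$path exists but is a directory; leaving it alone."
    }

    # Create an empty file only if none exists, so nothing is overwritten.
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -Path $path -ItemType File -ErrorAction Stop | Out-Null
    }

    # Add the read-only attribute while keeping any attributes already set.
    $item = Get-Item -LiteralPath $path -Force
    $item.Attributes = $item.Attributes -bor [IO.FileAttributes]::ReadOnly

    # Re-read from disk and report what is actually there.
    $item = Get-Item -LiteralPath $path -Force
    [pscustomobject]@{
        Path     = $item.FullName
        ReadOnly = $item.IsReadOnly
        Length   = $item.Length
    }
}

Set-PerfcMarker
```

The returned object should show `ReadOnly` as `True`; running the function again is safe because an existing file is left in place.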

Expert advice

When I have Windows questions, I turn to ZDNet columnist Ed Bott, one of the world’s most knowledgeable Windows experts. In response to my question via email, Bott said that “there really is no reason to do that (create the Perfc file) as long as you have the MS2017-010 patch (from March) installed AND you have the latest signatures for your AV software, including Windows Defender.” Bott has posted additional advice on how to protect your system from ransomware. Bottom line: Use good anti-malware software and keep it up-to-date.

Using anti-malware software

Microsoft on Tuesday posted a bulletin informing Windows users that the company “released cloud-delivered protection updates and made updates to our signature definition packages.” It said that the updates were automatically delivered to all Microsoft free anti-malware products, including Windows Defender Antivirus and Microsoft Security Essentials. You can download the latest version of these files manually at the Malware Protection Center. If you use a different security program, check with that company’s website to see if they protect you against this latest malware (many do).

Background

The malware includes code called “Eternal Blue” that was stolen from the National Security Agency (NSA). The same code was used in last month’s WannaCry attack.

The first attack using this methodology was reported in Ukraine on Tuesday, but it spread rapidly within Europe and then to the U.S. Once the malware has infected a network, it can spread to other machines within that network, which is one of the reasons that large organizations are vulnerable. Microsoft said that the “Initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software.”

This ransomware, according to Securelist, “waits for 10-60 minutes after the infection to reboot the system.” It is spread across networks.

Microsoft has a useful FAQ on ransomware