Just create a file in c:\windows!
Currently we have a lot of information about Petya (or NotPetya): you can take a look at this post, which I use to collect all the information gathered from websites and social networks.
And from Twitter I have gained this priceless information about a ‘local vaccine’ for the ransomware, similar to the famous WannaCry killswitch.
I found a way to stop the malware, All we need to know is the original name of the file – Come on people! https://t.co/4e17ST5xHL
— Amit Serper (@0xAmit) June 27, 2017
Amit Serper found that the malware does not ‘detonate’ on a system if a specific file is found in the c:\windows folder.
After a few minutes, Amit confirmed the discovery:
Other researchers also confirmed that the trick works:
copy NUL C:\Windows\perfc.dat pic.twitter.com/XxrBzkfRgG
— Florian Roth (@cyb3rops) June 27, 2017
And Chris Campbell released a PowerShell script that automates the creation of the file and applies a read-only ACL:
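Chris Campbell's script is not reproduced on this page. The following is an added example, not his code, of the same two steps: create the file from the tweet above and leave it with an ACL that grants only read access. The choice of principals (SYSTEM, Administrators, Users), the `ReadAndExecute` right and the `$Path` parameter are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not Chris Campbell's script): create the marker file named
# on this page and leave it with a read-only ACL.
param(
    # perfc.dat is the name from the tweet above; $env:windir is normally C:\Windows.
    [string]$Path = (Join-Path $env:windir 'perfc.dat')
)
$ErrorActionPreference = 'Stop'

# Create an empty file only when nothing exists at that path.
if (-not (Test-Path -LiteralPath $Path)) {
    New-Item -ItemType File -Path $Path | Out-Null
}
if ((Get-Item -LiteralPath $Path -Force).PSIsContainer) {
    throw "$Path exists but is a directory."
}

# Assumption: read access for SYSTEM, Administrators and Users is enough.
# Well-known SIDs are used so the script does not depend on the OS language.
$readers = 'S-1-5-18', 'S-1-5-32-544', 'S-1-5-32-545'

$acl = Get-Acl -LiteralPath $Path
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited ACEs
$acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }   # drop explicit ACEs
foreach ($sid in $readers) {
    $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'ReadAndExecute', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $Path -AclObject $acl

# Verify: no Allow entry may carry write, delete or permission-change rights.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$bad = @((Get-Acl -LiteralPath $Path).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $writeMask)
})
if ($bad.Count -gt 0) {
    throw "Write access still granted on ${Path}: $($bad.IdentityReference -join ', ')"
}
Write-Output "$Path is present and read-only."
```

Run it from an elevated PowerShell session; it can be re-run safely because the file is only created when missing and the ACL is rebuilt each time.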