Symantec Discovered a ‘Vaccine’ for the New Ransomware
On Tuesday organizations across the world suffered yet another huge cyber-attack. But the key feature of this ransomware, nicknamed ‘Misha’, is that the victims can’t pay the ransom fee: the culprits provided an invalid email address that was shut down by the hosting provider. The Bitcoin wallet where ransom money should be deposited hasn’t been touched at all. For the moment the wallet contains about $8,000 worth of Bitcoin, a ridiculous prize for a significant and widespread attack.
That’s why this attack is viewed as a politically motivated attack on Ukraine, as it started on Constitution Day.
How it Spreads
Cisco’s Talos experts believe the attack may have been carried out by exploiting vulnerable accounting software, specifically through the software update systems for a Ukrainian tax accounting package called MeDoc, according to a post on the company’s blog.
MeDoc posted an update to its website on Tuesday saying, in Russian, “Attention! Our server made a virus attack” but later removed it and is now denying the fact that its software was exploited.
But politically motivated or not, ‘Misha’ has affected systems across the world. It infected computer networks at Russian enterprises and has been detected in Europe and the USA. Russian oil giant Rosneft, British advertising firm WPP, the DLA Piper law firm and at least one hospital in the US city of Pittsburgh suffered the attack as well.
What is the ‘Vaccine’ Symantec Discovered
Since the attack started, many security experts have been searching for a method to stop the epidemic. As with WannaCry, the solution is simple and rather unexpected. The Symantec experts have discovered that ‘Misha’ looks for a file called perfec.dll on an attacked computer. This file signals that the system is infected. So the answer is to create a fake file and trick the malware.
How to Create the ‘Vaccine’
- Open WordPad.
- Save the empty file on the desktop under the name perfec.dll.
- Right-click the file and click Properties in a drop-down menu.
- Tick the Read Only box and save the changes.
- Copy it into C:/Windows. You need admin access to do this.
Disclaimer: It’s an emergency measure and it will give you some time to update your antivirus and protect your system thoroughly. Please check with your antivirus provider for a patch against ‘Misha’ immediately.
The experts also state that updating the OS on a regular basis is all a private user needs to stay on the safe side. Still, many users forget to update or deliberately do not update the system to avoid the hardware conflicts Windows 10 is so notorious for.
Though the ransomware won’t be able to harm your system, it can still use it as an ‘infected’ platform. We stress once more that you should use this cure only when you can’t get any updates soon but strongly suspect that your system may be in danger, for instance if you used a public hotspot. So remember to remove the fake perfec.dll file after you update your OS and antivirus.
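The manual steps above, together with the advice to remove the file once the system is updated, can be scripted when several machines need the same treatment. The PowerShell function below is an added example, not code from Symantec or from this article's author; the function name Set-VaccineFile and its parameters are hypothetical, and the file name and folder are the ones given in the steps above.

```powershell
# Added example: creates or removes the empty read-only marker file from the steps above.
# Function and parameter names are hypothetical; file name and folder come from the article.
function Set-VaccineFile {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Directory = $env:windir,    # the Windows folder (C:\Windows on a default install)
        [string]$FileName  = 'perfec.dll',   # name as stated in the article
        [switch]$Remove                      # clean up after OS and antivirus are updated
    )

    # Writing to the Windows folder needs an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (administrator) PowerShell session.'
    }

    $path = Join-Path -Path $Directory -ChildPath $FileName

    if ($Remove) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            # Only delete the empty placeholder, never a file that has content.
            if ($item.Length -ne 0) { throw "$path is not empty; refusing to delete it." }
            if ($PSCmdlet.ShouldProcess($path, 'Remove marker file')) {
                $item.IsReadOnly = $false
                Remove-Item -LiteralPath $path -Force
            }
        }
        return
    }

    if (Test-Path -LiteralPath $path) {
        # A file this script did not create deserves a closer look before it is touched.
        $existing = Get-Item -LiteralPath $path -Force
        Write-Warning "$path already exists ($($existing.Length) bytes, created $($existing.CreationTime)); left unchanged."
        return $existing
    }

    if ($PSCmdlet.ShouldProcess($path, 'Create read-only marker file')) {
        $item = New-Item -ItemType File -Path $path   # empty file, as in the WordPad step
        $item.IsReadOnly = $true                      # same as ticking the Read Only box
        Get-Item -LiteralPath $path | Select-Object FullName, Length, IsReadOnly
    }
}
```

Run `Set-VaccineFile` to place the file and `Set-VaccineFile -Remove` after patching; adding `-WhatIf` shows what would change without touching the disk.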
The Dangers of Tomorrow
Ransomware has become not only a criminal but a political tool as well. Knowing the high security standards in governmental offices and facilities, hackers use official software sites to infect computers with impunity. A mouse and a keyboard are now as dangerous as nuclear weapons, or even more so. The Western powers have to face the challenge at once and allocate the means for building a hack-proof sandboxed network for governments and public facilities.
Though it’s impossible to create a 100% hack-proof network, the scale and number of cyber-attacks can be diminished significantly.
And we add one more piece of advice to the list of precautions we’ve shared with our readers. It goes: always check the software manufacturers’ sites to see if they’re secure. The virus can sneak in with a legitimate update.