Cybereason today announced that Amit Serper, the company’s Principal Security Researcher is the first person in the world to discover a killswitch in the NotPetya ransomware that today is wreaking havoc in across the globe. The kill switch prevents the ransomware from running on any computer on which it is activated.
Follow Serper’s discovery on Twitter: https://twitter.com/0xAmit
To activate the kill switch users must locate the C:\Windows\ folder and create a file named perfc, with no extension name. This should kill the application before it begins encrypting any files.
When first run, the NotPetya ransomware searches for its own filename in the C:\windows\ folder, and if it is found, it will cease to operate. Once the original filename was found and verified by two different sources, Amit was able to piece together a killswitch that should work for any instance of the original ransomware infection that spread.
Overall, ransomware with functionality that’s similar to Petya ransomware today infected organizations across Europe, bringing business to a standstill. Ukraine businesses have so far beared the brunt of the attack. Supermarkets, gas stations and banks in the country along with its public transportation system and major telecommunications provider reported that their systems have been compromised. Like the WannaCry attack, this ransomware supposedly uses the EternalBlue exploit to spread.
Founded in 2012 by Div and co-founders Yossi Naar and Yonatan Striem-Amit, Cybereason recently announced an infusion of new capital of $100 million from SoftBank. This new financing solidifies Cybereason as the leading cybersecurity startup changing the status quo in the security industry, with 500 percent growth in revenue in the past year.
About Cybereason
Cybereason is the leader in endpoint protection, offering endpoint detection and response, next-generation antivirus, and managed monitoring services. Founded by elite intelligence professionals born and bred in offense-first hunting, Cybereason gives enterprises the upper hand over cyber adversaries. The Cybereason platform is powered by a custom-built in-memory graph, the only truly automated hunting engine anywhere. It detects behavioral patterns across every endpoint and surfaces malicious operations in an exceptionally user-friendly interface. Cybereason is privately held and headquartered in Boston with offices in London, Tel Aviv, and Tokyo.
Media Contact:
Bill Keeler
Director, Public Relations
Cybereason
bill.keeler@cybereason.com
(508) 414-7755 (cell)