You will have heard about the recent attack to Windows PCs called Petya or NotPetya.
The reason why some people say NotPetya is, that it is not a new version of the former Petya malware, even though it looks so.
This one is again (like WannaCry) based on the recently released NSA Tools (see my related post here).
But it is worse than WannaCry and was just built to create chaos and damage on as many systems as possible. The current damage is already massive. I bet you will hear more about it during the next days.
I will not repeat all the rumors about the source or intentions here.
Here is just, what I have done and what you should do (sorry, I should rather say “have to do”):
- BACKUP BACKUP BACKUP (everything you don’t want to loose, your Pictures, Movies, Documents, Source-code, Letters, Tax Statements, Banking Documents etc.)
- UPDATE UPDATE UPDATE (everything PCs, Routers, NASes, Mobile Devices)
- Replace or switch off your Windows XP PCs
- Do this on every Windows PC:
- Start a command prompt with admin rights (right click on the Windows Icon in the lower left corner and select ‘Command Prompt (Admin)’
- And type:
These commands will create three files perf, perfc.dll and perfc.dat and will mark them read only. The current version of NotPetya will stop working if these files were found. This is a very simple thing and most likely, a new version of NotPetya will disregard these files. However it doesn’t hurt and has no other side effect.
Finally, if you are already infected, for instance if you see a sudden Checkdisk message trying to repair your hard-drive or anything else unusual:
- Immediately switch off your PC (even if Checkdisk says you should not)
- Disconnect your PC from your network
- Try to boot it stand alone. If this doesn’t work anymore, most likely, your data is lost.
- Switch off your router / disconnect from the Internet
- Check your other PCs as you might have a chance that they are not yet infected.
Don’t trust the evil.